<?xml version="1.0" encoding="utf-8"?>
<s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"
xmlns:s="library://ns.adobe.com/flex/spark"
xmlns:mx="library://ns.adobe.com/flex/mx" minWidth="955" minHeight="600" creationComplete="init(event)">
<fx:Script>
<![CDATA[
import mx.controls.Alert;
import mx.events.FlexEvent;
import mx.messaging.events.MessageAckEvent;
import mx.messaging.events.MessageEvent;
import mx.messaging.events.MessageFaultEvent;
import mx.messaging.messages.AsyncMessage;
import mx.messaging.messages.IMessage;
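/**
 * creationComplete handler: injects a JavaScript snippet into the hosting page
 * that listens for the browser-close event, and exposes checkExit() to the page.
 *
 * Security note (from the original author): when ExternalInterface.call()
 * appears in Flash code and its argument can be controlled by the user, there
 * is an XSS risk. The author's Flash security scanner works on that principle:
 * it flags this call, and getURL, whenever the argument comes from outside.
 * Here the argument is the FUNCTION_USEREXIT string defined in this file.
 * Keep it that way and never splice FlashVars / loaderInfo.parameters or other
 * external data into it.
 *
 * @param event The creationComplete event; not used by the handler.
 */
protected function init(event:FlexEvent):void
{
    // Outside a scriptable container (standalone player, unsupported browser)
    // call() and addCallback() throw, so skip this optional feature instead.
    if (!ExternalInterface.available)
    {
        return;
    }

    try
    {
        // Flash's ExternalInterface.call() invokes JavaScript in the hosting page.
        ExternalInterface.call(FUNCTION_USEREXIT);
        // After this, page script can call checkExit() on the SWF object.
        ExternalInterface.addCallback("checkExit", checkExit);
    }
    catch (e:SecurityError)
    {
        // Raised when the embedding page forbids script access; the exit
        // prompt is best-effort, so report it and carry on.
        trace("ExternalInterface blocked by the container: " + e.message);
    }
}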
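/**
 * JavaScript source for the browser-close listener.
 *
 * When evaluated in the hosting page it installs a window.onbeforeunload
 * handler that asks the SWF for its exit message through
 * flex_chat.checkExit() and returns it when it is not empty.
 * NOTE(review): flex_chat is presumably the id/name of the element embedding
 * this SWF; confirm against the host page.
 *
 * Declared const because this text is executed as script in the page: it must
 * stay a compile-time literal and never be reassigned or built from external
 * input at runtime.
 * */
private static const FUNCTION_USEREXIT:String =
    "document.insertScript = function () { "
    + "window.onbeforeunload = function() { "
    + "var flexObj = flex_chat.checkExit(); "
    + "if(flexObj != \"\") { "
    + "return flexObj; "
    + "}else{ "
    + "return; "
    + "} "
    + "} "
    + "} ";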
/**
 * Exit hook used when the browser is being closed.
 *
 * Registered under the name "checkExit" through ExternalInterface.addCallback,
 * so script in the hosting page can call it. It takes no input and returns a
 * fixed string, so it exposes no application state to the page.
 *
 * @return The fixed farewell message handed back to the page's
 *         onbeforeunload handler.
 * */
public function checkExit():String
{
    return "下次再见!";
}
]]>
</fx:Script>
<fx:Declarations>
<!-- Place non-visual elements (e.g. services, value objects) here -->
</fx:Declarations>
<!-- Button labelled "send"; clicking it only shows an Alert with the text 'so sth'. -->
<s:Button label="send" click="Alert.show('so sth')"/>
</s:Application>