cross-domain? Firefox reports Permission denied to call method Location.toString

[GoogleCodeExporter]

What steps will reproduce the problem?
1. create a html with iframe, put it on domain A
2. point the iframe.src to domain B 
3. put the html with swfobject on domain B

What is the expected output? What do you see instead?
I expect no errors. The flash is loaded fine, and everything works, except
that I get that error message.

What version of the product are you using? On what operating system?
I can reproduce this with 2.1 and 2.2 beta 1 (with which I get two other
errors in the same scenario).

Please provide any additional information below.
I can set up an example or test this or anything, just ask.

Regards,
gasper

Original issue reported on code.google.com by gasper.kozak on 29 May 2009 at 2:40

[GoogleCodeExporter]

There are certain cross-domain scripting security restrictions, so I would 
expect
this behavior. What makes you think this a SWFObject related issue that we can 
fix?

Original comment by bobbyvandersluis on 30 May 2009 at 8:31

[GoogleCodeExporter]

I'm very much aware of cross-domain restrictions, I deal with them every day.

The reason why I think this is a SWFObject issue is that if I paste the 
generated
HTML code by hand, I don't get the error. So I figured this must have something 
to do
with the Javascript that generates the objects, and attaches them to the DOM. 
And
since creating objects via DOM and adding them to the document itself doesn't 
cross
any domain boundaries (it's all done in one document, on the domain B), I think 
that
having that document B hosted within an iframe of domain A shouldn't really 
affect
anything. I'm not certain it's an SWFObject error, but looks like it.

Original comment by gasper.kozak on 30 May 2009 at 10:38

[GoogleCodeExporter]

Hi, it seems that this is actually a Flash plugin issue. I didn't check 
everything,
before I posted here, sorry for that.

See also:
  - bug entry http://bugs.adobe.com/jira/browse/FP-561
  - a possible solution http://www.west-wind.com/WebLog/posts/408827.aspx

Original comment by gasper.kozak on 1 Jun 2009 at 7:48

[GoogleCodeExporter]

No problem and thanks for the feedback, I will add this to our FAQ.

Original comment by bobbyvandersluis on 1 Jun 2009 at 7:33

[GoogleCodeExporter]

FAQ item has been added.

Original comment by bobbyvandersluis on 2 Jun 2009 at 9:36

• Changed state: Invalid

[GoogleCodeExporter]

The issue that I've been trying to resolve sounds the same as above. I'm using a
Iframe on A, getting page on B that contains flash contents and gettign 
Permission
denied for '<>'... in firebug.  I've done some testing using an earlier release 
of
swfobject (1.4.4) and error is gone. I've also did testing opening permissions 
on my
crossdomain.xml policy, and error was still present. 

Original comment by jkas...@gmail.com on 6 May 2010 at 4:48

[GoogleCodeExporter]

@#6 - This is not a swfobject related issue. Your settings between 1.4 ans 2.x 
must be 
differnt. SWFObject does not alter any security related settings for the Flash 
player. 
This is up to you.

Original comment by aran.rhee@gmail.com on 7 May 2010 at 7:34

[GoogleCodeExporter]

I have been doing some in-depth testing and this appears to be an issue with 
that Flash Object itself, not SWFObject. Removing all instances of SWFObject 
from the page and using the static publishing method still generates the same 
error. Has anyone been able to resolve this? Luckily this error doesn't seem to 
break the page, but it would be great to not have any errors thrown for Flash 
objects loaded within an iframe on the page.

Original comment by ryanhef...@gmail.com on 21 Oct 2010 at 4:27

[GoogleCodeExporter]

Please see the links in my post from Jun 01 2009. It appears to be a Flash 
issue, and we're waiting for Adobe to fix it, which apparently isn't going to 
happen ...

Original comment by gasper.kozak on 21 Oct 2010 at 6:13