Flash will cause DOM error and not load in IE9 when content type is application/xhtml+xml

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Create a page on a server where the response type is valid 
application/xhtml+xml (this is *not* reproducible locally)
2. Use SWFObject to embed a swf with more than one flashvar on that page
3. Load page in IE9 -> swf does not load

What is the expected output? What do you see instead?
IE9 does not escape the & sign in the flashvars param, causing a DOM error

What version of the product are you using? On what operating system?
SWFObject v2.2, Windows 7 (Flash 10.2 and IE9)

Please provide any additional information below.
Fix:
Change
aa.outerHTML='<object 
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"'+ah+">"+af+"</object>";
To
aa.outerHTML='<object 
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"'+ah+">"+af.replace(/&/g,"&a
mp;")+"</object>";

IE9 is the first version of IE to support the application/xhtml+xml content 
type, and since SWFObject does not use appendChild to create the <param /> 
nodes, the JS errors out with invalid JS.

Original issue reported on code.google.com by evangel...@gmail.com on 26 Apr 2011 at 12:00

• Merged into: #66

[GoogleCodeExporter]

Thanks for the submission. 

Unfortunately your proposed fix of af.replace(/&/g,"&") is not as simple as it 
seems; what if the user manually specified flashvars as an item in the 
parameter object, and already used entities instead of ampersands? You could 
wind up with &

There is a similar discussion about encoding occurring in issue #66; while it 
isn't the exact same discussion -- yours pertains to application/xhtml+xml 
while the other focuses purely on flashvars -- they both involve the stickyness 
of encoding flashvars and deciding when/where to encode.  I believe it's close 
enough to merge this issue with #66.

Original comment by platelu...@gmail.com on 14 May 2011 at 8:21

• Changed state: Duplicate