Particles In Motion | Fullscreen Limitation

Fullscreen Limitation
Posted: 2009-04-08 00:00:00

Oh Adobe... sometimes I really hate the things you try to do to sandbox a flash application. First it was the crossdomain.xml file (which still is annoying) and now it is limiting what is allowed when running in fullscreen mode.

When you set the application's stage.displayState to StageDisplayState.FULL_SCREEN, you can no longer catch keyboard events; not to the stage, not to a component, not even a text input box. The reasoning behind this is that if you are an "evil" programmer, you might make a web page in flash or flex that looks exactly like a bank or something to steal information. Seriously?!

First off, it's difficult enough to make a flash or flex application that, well, doesn't look like a flash or flex application. It is WAY easier to actually just capture the html and images from a target site instead of taking the time to replicate an entire site in flash. If you are on the receiving end of a phishing scam from a flash website, and you don't look at the url, and you don't notice that there are several tell-tale signs something is different with the site or the effects when you click on things, honestly, you pretty much deserve to be scammed.

Second, for some reason Adobe is all about making the programmer's life difficult. There is the crossdomain.xml file that comes to mind right off. In most every other web language out there, you can talk to services on the web regardless of where they are hosted. I can connect to a SOAP or REST endpoint with .NET in a couple lines of code, no matter where it is hosted. The only exception here is if the service is using a form of security, WSA-Security, Windows Auth, forms auth, etc etc. Flash and Flex require that you be explicitly white listed to a service - especially annoying when you are running an application through proxy soup to get to your services and you have to make sure that crossdomain file is correct across all different proxy paths. Also annoying when you want to connect to your own services and have to make sure that the file is there. The person hosting the service really should put some form of security on their services if they don't want people to access them that will work for all languages. I would say that on just about every project I've worked on with others, the topic of crossdomain files has come up at least once in that someone forgot to put one somewhere and the application dies.

When you make an application go full screen in flash, you also get the message "Press Escape to Exit Fullscreen" -- that honestly should be good enough to let a user know that they are in flash. Adobe, please, listen to the people pushing to make your products better and get rid of these annoyances that we have to code around every single day, because, honestly, you have competition starting up with Silverlight, and if you don't start making your products better to use, people aren't going to use them.

Back to the main page