TwelvestoneFlash

clickTAG code comparison

Sign in

Not a member? Sign up
Forgot your password?
Didn't receive confirmation instructions?
  • Waiting for Godot ( 730 k posts )
    Just conversation.
  • Thunder Dome ( 23 k posts )
    Photoshop Tennis and Collabs.
  • Photography ( 5.1 k posts )
    For all you shutterbugs, sh...
  • Flash ( 18 k posts )
    ActionScripting to tweens, ...
  • Front End ( 5.9 k posts )
    general front end design an...
  • Back End ( 9.7 k posts )
    serverside scripting, progr...
  • Projects and Theory ( 12 k posts )
    This forum is for discussio...
  • FAQ ( 269 posts )
    All those nagging questions...
  • Design ( 17 k posts )
    graphics & all aspects of g...
  • Purgatory ( 3.6 k posts )
    12stone Jail, feel free to ...
dave_boo
 
2008-05-21

I apologize ahead of time if:

1) This question amounts to 'do we have free will?' or ...

2) I insult anyone's intelligence by stating the painfully obvious.

So here goes ...

This is the standard clickTAG code that would be applied directly to a 'button.' This code is used by ad delivery software to route click-throughs to the appropriate web site.on (release) { getURL("http://"+clickTAG, "_blank"); }

This is a variant of the clickTAG code that I came across the other day. on (release) { if (clickTag.substr(0, 5) == "http:") { getURL(clickTag); } }

My questions are:

1) What situation would call for using substring method?

2) Is there any obvious benefit to this approach?

Thanks for any info you may be able to provide.

persist
 
2008-05-21

"_blank" is also no longer a reliable form of opening a new window from flash. You'll want axual JS to open a new window so that popup blocker/handlers can allow the domain to make pop-ups if the user so chooses.

I would have preferred to see the developer use (clickTag.indexOf("http:")==0) since we just want to see where the substring is, if it is there at all. We already know what the string is, why the heck would we test as a comparison with substr?

Plus I like to use ==0 everywhere I can in client code.

o.0

Arsis
 
2008-05-21

Note: The ActionScript in this Flash advertisement is verifying that the clickTAG URL begins with "http:". This is an important security measure. If you do not take this precaution, a malicious HTML page could source your SWF and pass a clickTAG URL that begins with "javascript:" or another scripting pseudo-protocol. If your ActionScript code were to call getURL with a maliciously crafted JavaScript URL, it would be possible for the site serving the malicious HTML page to obtain the contents of your HTTP cookies or perform other actions on your site's behalf.

From:http://www.adobe.com/resources/richmedia/tracking/designers_guide/

Though the examples use AS that was deprecated in Flash 6 and as I know nothing about clickTAG I can say that this information is still relevant or the best approach.

persist
 
2008-05-21

or that.

:|

:thumbsup:

dave_boo
 
2008-05-21

excellent - thank you all. k

and special thanks for the link, Arsis. :nunchuck:

Sorry, you must be a member to post to a conversation. Either log in or sign up to get involved.
TwelvestoneFlash

clickTAG code comparison

Powered by Twelvestone Hosted Forums