These forums are now Read Only. If you have an Acrobat question, ask questions and get help from one of our experts.

Rich media in PDF e-seminar question

synergy
Registered: Feb 23 2007
Posts: 33

Hi all,

I've just looked at the 'Rich media in PDF' seminar, by Chris Converse, from the home page and after doing some tests I have the following questions and observations.

When demonstrating how to link SWF content in a PDF to an external XML file (on a server) it appears that Reader 9.3 onwards, that uses enhanced security by default, will only give 2 security alerts when used with a cross domain XML file on the root of the server - alert #1 for the cross domain XML file and alert #2 for the XML file that the SWF references.

This looked really promising for those of us who used to stream XML referenced content into PDFs from a server prior to Reader 9.3. The default enhanced security from 9.3 onwards now requires the user to click the the 'Remember my action for this site' checkbox as just clicking the 'Allow' button will give the user a never ending series of security alerts for each piece of content that the XML file references - not good!

However after some initial testing I've found that using the FlashVars option pointing to an external XML file (as demonstrated in the video) will only allow you to bring in changed text from the XML file and not any other resources that the XML file refers to.

For example if you used an XML file to bring in text and pics to a SWF that you had embeded into a PDF and put the XML and pics onto a server with the correct cross domain xml the demo give sthe impression that you could update the text and pics on the server and whenever the PDF opened it would, after 2 alerts pull the updated content into the PDF - just like it used to prior to Reader 9.3.

As far as I can see from my testing only the text would change as any time that the XML file asks for a pic from the server the PDF throws up another alert. The only time this didn't occur was if the pic was already contained within the PDF as a 'Resource' for the SWF. If all resources other than text have to be bundled into the the PDF then what is the benefit of using a cross domain xml path to access an external (server based) XML file?

Synergy.

UVSAR
Expert
Registered: Oct 29 2008
Posts: 1357
It's the way it works - every unique URL that a PDF document tries to connect to will prompt the user with a dialog box, so if it's going after a whole series of images with ever-changing names, the popups will keep coming. The crossdomain.xml file has no bearing on PDF security prompts at all, it simply grants Flash permission to scrape text content from a webserver. The rule was introduced to stop Flash apps stealing TEXT data from other sites without the author's express permission, and doesn't apply to images or video files.

In Chris' seminar he shows an XML file being accessed [i]remotely[/i] to read just the XML data itself (for the map example) and an XML file that defines images to load (the Zoomify example) where both the XML file [i]and[/i] all the images are embedded into the Flash annotation's resource array. That's why you don't see the popups appear on his documents.

The idea of always firing a popup message is central to the Acrobat security model, as otherwise you could be caught out by a PDF that asks to load an innocuous file, then once it has permission goes off and loads all manner of other material from the same domain that you don't want to access.