Does ExternalInterface work on the file: protocol?

Question

Can anyone confirm that ExternalInterface works on the file: protocol, or point to some docs that say that it will not?

Answer 1

It's starting to look like this will not work.. this page says:

Scripting in either direction between local HTML files and local SWF files--for example, using the ExternalInterface class--requires that both the HTML file and SWF file involved be in the local-trusted sandbox. This is because the local security models for browsers differ from the Flash Player local security model.

And this is what it says about the local-trusted sandbox:

The local-trusted sandbox--Local SWF files that are registered as trusted (by users or by installer programs) are placed in the local-trusted sandbox. System administrators and users also have the ability to reassign (move) a local SWF file to or from the local-trusted sandbox based on security considerations (see Administrative user controls and User controls). SWF files that are assigned to the local-trusted sandbox can interact with any other SWF files and can load data from anywhere (remote or local).

So either a installer or user would have to put the swf in to a local-trusted-sandbox afaict..

Answer 2

By default, ExternalInterface will throw Security Error #2060 if you try to use it from a file:// page. However, if you add the <param name="allowscriptaccess" value="always"/> option to your embed, it should be able to talk to JavaScript.

The docs on ExternalInterface reference this, in the exception documentation for addCallback() and call().

EDIT: After discussing this further in the comments below, it appears that, although this works for me on Mac, it does not work on Windows. Erik's answer gives more details on why this is failing.