Has anyone had any experience using the nw-flash-trust module in Electron?


I’m attempting to use the NW-Flash-Trust module in my Electron application. Using the API, it creates a #Security/FlashPlayerTrust/security.cfg file for me within the application, but for some reason SWF videos do not seem to be able to see the new permissions. I need them to be able to interact with external JS scripts.
My pepflashplayer64 file is kept within the resources folder of my Electron application. I have a feeling it may be because I’m using an internal flash file to enable Flash within Electron, rather than the one installed on a computer, but I am completely unsure of how to solve this problem.


Did you figure out your issue? I was planning on using that module as well with Electron.


The latest commit for NW-Flash-Trust (https://github.com/szwacz/nw-flash-trust/commit/d4df256dcfe51ed2cad91aa509d949dc76d01739?diff=split&short_path=04c6e90) was what enabled it to work with Electron; this commit allows one to specify a custom path to place the #Security folder.

For Electron, most ppl use Pepper Flash (https://electronjs.org/docs/tutorial/using-pepper-flash-plugin), which requires the #Security folder not to be in the NW-Flash-Trust default folder (return process.env.HOME + '/Library/Preferences/Macromedia/Flash Player'), but instead your application support folder ('/yourApp-data-path/Pepper Data/Shockwave Flash/WritableRoot').

My custom path for Pepper Flash ended up being ${process.env.HOME}/Library/Application Support/<app-name>/Partitions/<myApp>/Pepper Data/Shockwave Flash/WritableRoot.

One can find their app location by doing a global search of their file structure for any of the specific folder (for unix, one could use the CLI command find . -type d -name Shockwave\ Flash


With the above I was able to events emitted by Flash, but not control it (toolbar at the bottom of the video). To achieve control, one also need to place the path the HTML files (or the bundles they are in) into the config file as well, “Scripting in either direction between local HTML files and local SWF files—for example, using the ExternalInterface class—requires that both the HTML file and SWF file involved be in the local-trusted sandbox. This is because the local security models for browsers differ from the Flash Player local security model.” (https://help.adobe.com/en_US/ActionScript/3.0_ProgrammingAS3/WS5b3ccc516d4fbf351e63e3d118a9b90204-7e3f.html).

Thus, I had to add the bundle using “trustManager.add(path/to/asars)”