Can anyone confirm that ExternalInterface works on the file: protocol, or point to some docs that say that it will not?
It's starting to look like this will not work.. this page says:
Scripting in either direction between local HTML files and local SWF files--for example, using the ExternalInterface class--requires that both the HTML file and SWF file involved be in the local-trusted sandbox. This is because the local security models for browsers differ from the Flash Player local security model.
And this is what it says about the local-trusted sandbox:
The local-trusted sandbox--Local SWF files that are registered as trusted (by users or by installer programs) are placed in the local-trusted sandbox. System administrators and users also have the ability to reassign (move) a local SWF file to or from the local-trusted sandbox based on security considerations (see Administrative user controls and User controls). SWF files that are assigned to the local-trusted sandbox can interact with any other SWF files and can load data from anywhere (remote or local).
So either a installer or user would have to put the swf in to a local-trusted-sandbox afaict..