Google Can Now *See* The Text In Your Flash .SWFs: Things To Consider

I’d heard something about this a few weeks back, but today I decided to look into it more.  It seems that the Google Bots can now index .SWF files for text content.  While this seems to be good news for people who have shied away from creating Flash-Only sites because they wanted their content indexed, it could mean trouble for Flash developers.  From my cursory look at how this works, I noticed with a few of things for Flash developers to consider now that Google has this new capability.

  • JavaScript: Since Google’s Bot’s don’t execute JavaScript very well, it probably can’t access your .SWF for indexing…yet. This could be good or bad. If you want to hide the .SWF from Google. for the time-being you might be able to use a JavaScript . However, if you do want Google to index the content, you might have to consider removing the JavaScript and going for a simple . Google says they are working to resolve this, so it might not be an issue in the future.
  • External Files: It seems that the Google Bots can only see text content that is embedded in the .SWF at compile-time.  That means that anything loaded externally will not be indexed in the same way.   Google claims that it will index those loaded files separately, but if they are not in any kind of spider-path, how can that happen?  If you plan to have this content indexed be sure that it is included in the main .SWF file.
  • Hidden Text: Passwords, Keys, Etc: It was a common practice in the past for Flash developers to sloppily include passwords, encryptions keys, connection strings, directly in their .SWF files. This was already a bad habit because of the many .SWF de-compilers out there. However, if Google can now *see* this textual content inside your .SWF, you might be vulnerable in more ways than ever before. I’m pretty sure the ActionScript itself is not viewable, but if you place any sensitive information as Text content in your .SWF, it might be viewable to anyone who searches Google.
  • Page Embed: The link displayed by Google to your .SWF content is the same as the path the file that contains it, *not* to the .SWF itself. I’m not sure if this will be a problem, but it is something to consider.
  • Link Spidering: Google will attempt to follow links in Flash the same way it will try to follow links in HTML. Be aware of what you are linking to. Items that you might have hidden from view with links in Flash (but not HTML) might now be visible in Google searches. Google supposedly respects all rel=”nofollow” designations in HTML, but I’m pretty sure you cannot specify that parameter in ActionScript 2. ActionScript 3 though might be a different story. You Might be able to use URLRequest and add it to the requestHeaders)

So, that is all I have right now. It’s still pretty cool that Google can index. .SWFs now, but it also means that some re-architecture of some content might be necessary toeither make it work correctly, or to protect content that was not vulnerable in the past.

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
This site is protected by Comment SPAM Wiper.