The dialog you are getting usually comes from a Flash attempt to connect to the Internet. Since you are attempting to use only offline sources (at least that's what it sounds like), you should not be seeing that dialog.
You'll have to eliminate all on-line links from any of the code used to place the Flash on the page.
Httrack should get all CDN and head sources to save locally so that shouldn't be a problem.
Thanks for the replies, people!
Having captured the site with httrack, I've been stripping out all unused / online references (sharing, ASP junk, opengraph, polls, etc).
I believe there are no online connections left - do I understand you guys correctly that if the page doesn't try to connect to the web AT ALL, then the local content will play without requiring me to manually whitelist it?
I'm not actually getting a popup dialogue, rather, flowplayer loads blank, because the player swf doesn't have access to the local content until explicitly allowed under global settings...
The original site: http://quit.nosmokes.com.au/
Here's a screencast of the process I want to avoid:
Are you certain flowplayer itself is not contacting any internet source? Freeware may tend to do that for metrics but would be stated in the EULA.
An easy way to know is to download something that can sniff all http and https traffic (assuming they wouldn't go low level tcp or udp).
It has demo videos because it's pretty low level software to show you how to look for http requests that are going out of your NIC. All of them, from every application, or you can target specific applications. That can help you find out if anything is being loaded externally.
Great concept - hadn't thought of that! I've got Wireshark installed, though I don't know a great deal about it...
I've shut down a number of apps creating noise (twitter, thunderbird, dropbox, etc) but I'm still seeing action sporadically, even if I do nothing.
I can confirm that (on occasion) I can refresh the page in question, and capture zero packets
I've switched to using the html5 player from http://videojs.com/ so ie9+, chrome and safari won't need flash, but I'm still having issues with the noncompatible browsers (the schools are likely to run IE.. maybe not up to date!)
I haven't been able to confirm: does flash ALWAYS need local content to be authorized, or does it only require authorization if the webpage attempts to connect to the web? My original impression was the former...
Have you tried disabling the media portion (whether flowplayer or videojs, etc) to see if that's what is even the issue? I think you should begin to comment out easy parts to remove from the app until you really isolate where this dialog is being generated.
There's a few situations the dialog can come up but ultimately flash thinks you're trying to load content off an alternate, untrusted source. You need to isolate what that is.
hmm... well, this last test is pretty conclusive - I've stripped the page back to just the player, as you suggested, and the page is definitely not connecting anywhere.
I should clarify that the settings window is not a popup, but comes up with a right-click > Global Settings...
I think I'm barking up the wrong tree - I guess if the purpose of the security settings is to keep local files safe from (potentially malicious) flash, then it doesn't make sense to allow content to be pre-whitelisted - otherwise the bad guys would do it! I'm happy that html5 has helped 55%+ of my users - the others can download chrome
thanks for your help! Tim
Haha I assumed being you were here that you were containing viewing all this HTML inside a Flash application (Projector or AIR). So this has literally been about directly loading HTML files into a browser and you thought the flash flowplayer was the issue about loading the HTML/Video/SWF off the DVD?
Sorry, I assumed you were using flash for this being the flash forum.. That's why I mentioned StageWebView (the way you'd display HTML pages inside a flash application). It wasn't making any sense as I've done this quite a bit with no issues.
Browsers treat the viewing of offline content poorly. They always have. IE is extremely suspicious about everything and anything, especially something that requires an activeX (flash) to load binary content. If it's just pictures and text IE is fine, but once you load a SWF you're requiring IE to load an activeX plugin that it cannot guarantee won't harm your system (even if it is flash, it needs to treat it agnostically).
If you can't wrap the site inside an application and want to directly view it off a DVD you will never completely get around all browsers jobs. Their job is to inform you when the browser is about to "lose 100% control" over the content, e.g. load a plugin. HTML5 will solve that as you said.
In fact you may even stick your DVD in, browse to a SWF or media file, right-click, hit properties and see that it is considered untrusted content in Windows (although I see you're on a Mac in the video). On Windows with standard security you are prompted with extra dialogs and sometimes even need to press an "Unblock" button on these files for them to even be allowed, depending on your security.
Again sorry for misreading. You won't get around the issue you're having and trust me, you want your browser to distrust everything without your permission.