Is there a security restriction that would prevent calling JS in the HTML/JS wrapper from AS via ExternalInterface and pass it JS functions and inject the JS that way instead of loading an external .js file? I've been wanting to try that someday but never found the time.
Some people apparently use eval() in conjunction with ExternalInterface, which I guess is the solution. You can inject JS functions and call them via that mechanism.
My reply was a too simplistic - thinking about flash runtime without the browser.
It may be that that is enough for the OP.
Yeah, you can do this (without eval), as long as you are in a JS environment like a browser. Here's an example:
In order for this to work the SWF must be allowed to via allowScriptAcces in the embedding HTML. There are good reasons to use this technique but not as a general workaround if you don't control the embedded HTML.