Note that this is not an API for controlling the browser, despite its name. Rather, think of it as an AIR API that’s projected into the browser. Just goes to show you how much naming depends on your perspective.
Details are in the documentation, but here’s a couple of things to keep in mind:
- Applications are invisible to this API by default. If you want to make your application visible from the browser–and therefore to any website–you have to opt in via a declaration in your application descriptor.
- If you opt in, you are responsible for making sure your application can’t be exploited by web sites using this feature. Don’t use it lightly. The BrowserInvokeEvent you receive when invoked via this feature has properties to identify who invoked you so you can restrict responses to trusted sites.
Installing applications from the browser has been rolled into this same API and the new Beta 3 sample badge has been updated accordingly. Note that the older badges will not work with Beta 3.