Swfobject is changing "&"(ampersand) to "&" How do I stop it?

Question

This is the object, generated by swfobject, that I want to embed.

<object type="application/x-shockwave-flash" 
name="player" 
id="player" 
data="StrobeMediaPlayback.swf?ID=89.41153136547655" 
width="470" 
height="320">
<param name="flashvars"
value="verbose=true&amp;src=rtmp://s161ki0ys7euuz.cloudfront.net/cfx/st/_definst_/vid_cdntest001?Signature=q-ZT9mWcIorCwGS4xgOysTyRXoUB2yza~JGITwCwx5O0JObgvlvS728vGXaI0iaow4OA8JRdFOBWYeeLQ5klYcjsWtgjzqH37ZVyV-5pyEUgT80DzWOOM9ZVfd2xBaZjISdn4cNk03FRBZ85~Z4zoEkp8MweE2HEzfrHnzZjoXlaulsPuphg59ANZCGQFneGfSI33dYhzTRDnbZbTZAGilLeu8gjtvfgm9hQ80E1zVd7wuHR8hX7or2ZjTgmDBaq4i-Nj8rJI0w3CIKAOu7JBggvclltbDnzMvy76s4Ef~GowYS7GB0p07Whi512GmGB9W1n6TqUBS-m8QK4vvqC~w__&amp;Key-Pair-Id=APKAJSRQXYNPUENHF6HQ&amp;Expires=1387470161&amp;urlIncludesFMSApplicationInstance=true">
</object>

It embeds the swf, but the swf isn't functioning as intended. My code is passing extra flashvars into the swf.

I'm tracing all the parameters/flashvars that are sent to the swf. I get this:

PARAMS: = verbose
PARAMS: = Expires
PARAMS: = src
PARAMS: = ID
PARAMS: = urlIncludesFMSApplicationInstance
PARAMS: = Key-Pair-Id

It's reading Expires, ID and Key-Pair-Id as flashvars, when those should all be part of the src param.

The cause is the value of the src flashvar:

rtmp://s161ki0ys7euuz.cloudfront.net/cfx/st/vid_cdntest2?Signature=rlBXiKxXRHwSha9YB~GZjyojy8gWZXO18Ea5JLZf1PHvuJFfQE617Ea-5aq8QVoVANaSetnoHQMja76ERxBowjG8cIYxWTGP-UBzP2v-k0hZghNGTtn~qSaFRaSHJGMG59ZKW2EobOHDQxV4r7k-ZG3vAJJpFRm7SoP980DRoJM7J6oAhCUKzZOgv6uRT-StsPORU2Ny3iUx7dIf~QWYBbzfcP1cPrZnzlSx~TqnWK4oYJCGmNHjYlVbCvmYAFCRc3oFzdywzGQKeQpwqHMhR1DSrEnzMjC48mFyFXyDp5TL1qhMVNUDX~d6Ds6PoysCXV7zG8QawSdWhzwDoj4Gng__&Key-Pair-Id=APKAJSRQXYNPUENHF6HQ&Expires=1387556045"

If you compare the rtmp url with my malformed code, It's changing & into & for some reason.

At these semicolon locations, it must be breaking apart the string and reading the following values as a different flashvar.

How can I stop this?

---

This is what I'm doing to build the malformed html:

$(document).ready(function(){
    callPlayer("rtmp://s161ki0ys7euuz.cloudfront.net/cfx/st/_definst_/vid_cdntest001?Signature=q-ZT9mWcIorCwGS4xgOysTyRXoUB2yza~JGITwCwx5O0JObgvlvS728vGXaI0iaow4OA8JRdFOBWYeeLQ5klYcjsWtgjzqH37ZVyV-5pyEUgT80DzWOOM9ZVfd2xBaZjISdn4cNk03FRBZ85~Z4zoEkp8MweE2HEzfrHnzZjoXlaulsPuphg59ANZCGQFneGfSI33dYhzTRDnbZbTZAGilLeu8gjtvfgm9hQ80E1zVd7wuHR8hX7or2ZjTgmDBaq4i-Nj8rJI0w3CIKAOu7JBggvclltbDnzMvy76s4Ef~GowYS7GB0p07Whi512GmGB9W1n6TqUBS-m8QK4vvqC~w__&Key-Pair-Id=APKAJSRQXYNPUENHF6HQ&Expires=1387470161");
});

function callPlayer(x){
    $("#PlayerHolder").html("<span id='PlayerDiv'></span>");

    var flashvars = {
        verbose:true,
        src: x,
        urlIncludesFMSApplicationInstance:true
    };

    var parameters = {};

    var attributes = {};

    attributes.name="player";
    attributes.id="player";

    swfobject.embedSWF("StrobeMediaPlayback.swf?ID="+Math.random()*100,"PlayerDiv","470","320","11.2","scripts/expressInstall.swf", flashvars, parameters, attributes); 
}

The correct html is generated by this page

Answer 1

Apparently, this is an issue that they won't fix. is in beta, and one that users are not very happy about.

The solution would be to validate the strings that you plan to send to your flashvars and escape problematic characters, like so:

$(document).ready(function(){
    callPlayer("rtmp://s161ki0ys7euuz.cloudfront.net/cfx/st/_definst_/vid_cdntest001?Signature=q-ZT9mWcIorCwGS4xgOysTyRXoUB2yza~JGITwCwx5O0JObgvlvS728vGXaI0iaow4OA8JRdFOBWYeeLQ5klYcjsWtgjzqH37ZVyV-5pyEUgT80DzWOOM9ZVfd2xBaZjISdn4cNk03FRBZ85~Z4zoEkp8MweE2HEzfrHnzZjoXlaulsPuphg59ANZCGQFneGfSI33dYhzTRDnbZbTZAGilLeu8gjtvfgm9hQ80E1zVd7wuHR8hX7or2ZjTgmDBaq4i-Nj8rJI0w3CIKAOu7JBggvclltbDnzMvy76s4Ef~GowYS7GB0p07Whi512GmGB9W1n6TqUBS-m8QK4vvqC~w__&Key-Pair-Id=APKAJSRQXYNPUENHF6HQ&Expires=1387470161");
});

function callPlayer(x){

    $("#PlayerHolder").html("<span id='PlayerDiv'></span>");
    x = x.replace(/&/g,'%26');
    var flashvars = {
        verbose:true,
        src: x,
        urlIncludesFMSApplicationInstance:true
    };

    var parameters = {};

    var attributes = {};

    attributes.name="player";
    attributes.id="player";

    swfobject.embedSWF("StrobeMediaPlayback.swf?ID="+Math.random()*100,"PlayerDiv","470","320","11.2","scripts/expressInstall.swf", flashvars, parameters, attributes); 
}

Or you could use the unofficial fork beta, or simply wait until they fix it.

The debate over whether or not it should be fixed is quite interesting, though.