Skip to main content

JavaScript in Facebook applications

Facebook (finally) allowed Java Script in FB applications outside of IFRAME
http://wiki.developers.facebook.com/index.php/FBJS
Among other things, I liked how elegantly they are creating namespaces separating different applications on the same page. Seems that it cold be a security hole here - it is possible to enumerate java functions on the page and "impersonate" user actions with another apps installed on the same page. Other than that - it's great that we can use JavaScript outside of the IFRAME sandbox.

Comments

Lost in Translation said…
Facebook is a really cool application! You are there just for the research, right? :)

Nice blog!
September 28, 2007 at 7:50 AM
Unknown said…
Thanks for nice comment about the blog:)
For the Facebook, I am writing a custom app and thinking about (may be) some curriculum for a class on Facebook application development.
September 28, 2007 at 10:01 AM
Angelina said…
I am really inspired when I was writing a custom app and thinking about (may be) some curriculum for a class on Facebook application development.Thanks
Facebook Applications
December 13, 2011 at 12:53 AM
Post a Comment

Popular posts from this blog

Freebase Hack Day

Post a Comment
Read more

Posting to FaceBook feed using Graph API

Graph API was announced at F8 with a promise to dramatically simplify the FB API. I checked the read access over the new interface during the presentations and to my big surprise it worked flawlessly and from the first time. When I tried https://graph.facebook.com/facebook , JSON-formatted info about the FaceBook page was returned (as expected). Then I tried OAuth 2.0 way of accessing the API to post a message to the feed. And to my even bigger surprise it worked too! Here is what you need to do to access Graph API over OAuth: 1. Create a FB app, store app properties to a file: $appkey = '7925873fbfb5347e571744515a9d2804' ; $appsecret = 'THE SECRET' ; $canvas = 'http://apps.facebook.com/graphapi/' ; 2. Create a page that will prompt user the access permission (I am prompting for the publish_stream and offline_access permissions at the same time) //http://apps.facebook.com/graphapi/ require 'settings.php' ; $url = "https://graph.face...
14 comments
Read more

Facebook Friends Connect

Is a way to extend external sites to provide: FB identity FB friends (relationship) Feed to FB   Demo app at http://www.somethingtoputhere.com/therunaround User experience: login: js login method requiresession(): detects state of usr-FB relationship, log-in into FB if needed. If user has not authorised app - present app auth dialog. If already has session - just go init JS, require session   access FB data: - FBML on external site - use JS FBML parser and replace in browser DOM with FB data - JS based API to get FB data, REST API on the server site. Sessions work accross any API - only small subset of FBML us supported at the moment   adding social content: - use access API   Connections: app developers can suggest connections (using e-mail hash) user get connect request on FB Move content from external sites to FB app can register feed template (3 types of stories) call JS "showfeeddialog" to request user to confirm data sharing on FB. privacy protection: app ca...
Post a Comment
Read more