[opensocial] Re: Any ideas on how to make this work?

Mon, 05 Nov 2007 09:21:46 -0800 

Thank you!
It works perfectly after I tell my PHP script not to convert the HTML
output into Javascript, that's how I test it for content anyway. Below
is the resulting script. It still needs code to convert the User
account name to parameters my script will understand, but that's very
easy or I may simply pass the UserId back to my server and do the
conversion there.

I'm not especially concerned about the spoofed UserId because there is
no personal content being displayed, however the ability to spoof the
User Id sounds like a major issue.
Arn


<?xml version="1.0" encoding="UTF-8" ?>
<Module>
  <ModulePrefs title="Event Schedule by Foobar.Org">
        <Require feature="opensocial-0.5" />
        <Require feature="dynamic-height"/>
  </ModulePrefs>
<Content type="html">
 <![CDATA[
<script type="text/javascript">
_IG_RegisterOnloadHandler(request);
function request() {
  var req = opensocial.newDataRequest();
  req.add(req.newFetchPersonRequest("VIEWER"), "viewer");
  req.send(response);
}

function response(data) {
  var viewer = data.get("viewer").getData();
  var name = viewer.getDisplayName();
  var thumb = viewer.getField(opensocial.Person.Field.THUMBNAIL_URL);
  var profile = viewer.getField(opensocial.Person.Field.PROFILE_URL);
  profile = 'http://sandbox.orkut.com' + profile;
  var html = '<img src="' + thumb + '"/>';
  html+='<a href="' + profile + '" target="_top">' + name + '</a>';
  document.getElementById('ContentDiv').innerHTML = html;
  Bid = 53;
 _IG_FetchContent('http://www.foobar.org/External.php?B='+Bid,
ScheduleLoad);
}

function ScheduleLoad(responseText) {
  document.getElementById('ContentDiv').innerHTML = responseText;
  _IG_AdjustIFrameHeight();
}
</script>
<div id='ContentDiv' />
]]>
</Content>
</Module>

On Nov 5, 11:33 am, Miron <[EMAIL PROTECTED]> wrote:
> The module should be assumed to be cached, so you can't do it that
> way.
>
> You can use the _IG_FetchContent call to hit your back end with a
> query parameter.  Note that there is currently no way to verify that
> the user ID is not spoofed.
>
<snippped>


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"OpenSocial Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to