Hi Chris, thanks for your answer again, but unfortunatly i can't use Gadgets. I don't want to support 2 different systems of widgets and Gadgets.
So i still have to find a way to solve the XSS problem with directly using the opensocial API without gadget support. regards Andi On Jun 24, 3:52 pm, Chris Chabot <chab...@google.com> wrote: > Ah I was afraid you were trying to do that. > > In the interest of saving you a lot of time and headaches: Don't... really, > just don't. > > All the features JS code has been made for use through shindig and not > through direct inclusion, it depends on lots of security, configuration, > proxy and rpc data and methods being available, a dependency methodology > that does cross-feature dependency graph resolution and include ordering. > > Next to that the whole rendering process does a lot more then 'take a bit of > xml and turn it into html', the js injection is one small part of it, but > there's also data pipelining (parsing xml tags to see what social data > should be preloaded and injected), proxied content (fetching and properly > spec-consistently-caching html from developers servers based on the xml tags > in a gadget, often combined with data pipelining), templating (a JSP alike > template language that is parsed and processed on the server), and so much > more that would take much to much typing to even begin on doing. > > Following this path you would end up having to write tens of thousands of > lines of code to support all of that and end up re-implementing shindig your > self, and having the burdon of repeating that every time a new OpenSocial > spec comes out, while all of this is already available for you and done for > you (and if you want to contribute to that, please feel welcome too!). So > really this is *not* the way shindig is intended to be used. > > Step one, go back to using gadget xml files, render them through shindig by > pointing iframe src's to it, implement the social api and proper security > tokens (partuza is a very good example of all this), add something like a > gadget directory and optionally also implement the OAuth classes to support > server to server REST calls to your shindig server, and you're done. > > Not that that doesn't have it's own complexities, but that's infinitely > easier then reinventing it :) > > -- Chris > > On Wed, Jun 24, 2009 at 2:48 PM, Andi <andreas.schuet...@navteq.com> wrote: > > > Hey Chris, > > > thanks for your fast answer.... see my comments below, hope you can > > help me .-) > > > > Are you manually including shindig's javascript code from your gadget, or > > > what javascript code is coming from where? > > > Exactly. > > the current shindig Service is running locally for the moment at > >http://localhost:8080/ShindigTest/ > > > my widget is at another domain and includes all the single js files, > > here are a few as an example: > > "js/opensocial/opensocial.js", > > "js/opensocial/container.js", > > "js/opensocial/activity.js", > > > but theres a load more .-) > > > I'm not using the gadget stuff, so no xml Module etc. > > > inside the widget there's for example something like this: > > > init: function(){ > > ShindigContainer = function() { > > JsonRpcContainer.call(this, " > >http://localhost:8080/ShindigTest/ > > social", ""); > > }; > > ShindigContainer.inherits(JsonRpcContainer); > > opensocial.Container.setContainer(new ShindigContainer()); > > > this.getData(); > > }, > > > getData: function(){ > > var req = opensocial.newDataRequest(); > > var idspec = opensocial.newIdSpec({ "userId" : "myuserid", > > "groupId" : "FRIENDS" }); > > > var field_params = {}; > > field_params > > [opensocial.DataRequest.PeopleRequestFields.PROFILE_DETAILS] = > > [opensocial.Person.Field.PHONE_NUMBERS, > > opensocial.Person.Field.DRINKER]; > > > req.add(req.newFetchPersonRequest("a...@gypsii", > > field_params), > > "get_owner"); > > var params = {}; > > params[opensocial.DataRequest.PeopleRequestFields.MAX] = 50; > > params[opensocial.DataRequest.PeopleRequestFields.FILTER] = > > opensocial.DataRequest.FilterType.HAS_APP; > > > params[opensocial.DataRequest.PeopleRequestFields.SORT_ORDER] = > > opensocial.DataRequest.SortOrder.NAME; > > > params[opensocial.DataRequest.PeopleRequestFields.PROFILE_DETAILS] = > > [opensocial.Person.Field.ID, > > opensocial.Person.Field.NAME, > > opensocial.Person.Field.CURRENT_LOCATION]; > > > req.add(req.newFetchPeopleRequest(idspec, params), > > 'ownerFriends'); > > Req.Send( [this,this.onLoadFriends] ); > > }, > > > I will have a look at code.google.com/p/partuza now, it sounds a bit > > like it could answer many questions i have... thanks for the hint. > > > regards > > Andi --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Application Development" group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---