DescentBB
http://www.descentbb.net/

Quirks of Facebook (and google)
http://www.descentbb.net/viewtopic.php?f=7&t=19940
Page 1 of 1

Author:  sdfgeoff [ Tue Oct 30, 2012 10:31 pm ]
Post subject:  Quirks of Facebook (and google)

Well, I like IRC, and use it quite a bit, so I've been creating custom pages to put it on.

In an online browser game I play, I made a page that will load chat down the bottom, and the game up the top. That works fine.
So how about facebook? Well, facebook doesn't load in a frame.
So I tried to load google so I could then find facebook. No such luck, google didn't work either.

I was now wondering if my code was wrong.
But I tried one more: duckduckgoo.com
That loaded fine, and from there I tried to access both facebook and google.
Facebook loaded, but overwrote the frameset.
Google didn't load at all.

How can a page even detect that it's in a frame?
Why would a page guard against it, I can't see it being a security risk.

If you are interested, the code I used:
Code:
<head>
<title>sdfgeoff's chat bar</title>
<meta name='author' content='sdfgeoff'>
<meta name='date' content='30 October 2012'></meta>

<frameset rows="*,300">
  <frame src="http://duckduckgoo.com" name="PG">
  <frame src="http://widget00.mibbit.com/?settings=bdf88975c778a8d1535311aebda07265&server=irc.mibbit.net&channel=%23DEEP_Space&nick=Friend_23%3F%3F&noservernotices=true" name="Chat">
</frameset>
</head>
<body>
</body>

Author:  sdfgeoff [ Tue Oct 30, 2012 10:32 pm ]
Post subject:  Re: Quirks of Facebook (and google)

Oh, and the facebook html source code is an absolute nightmare. I think they deliberately made it impossible to read.
Google is the same

Author:  Isaac [ Tue Oct 30, 2012 10:38 pm ]
Post subject:  Re: Quirks of Facebook (and google)

By the powers invested in me, I call upon the titans to move thy thread into the proper section. Arise, Jeff! Arise!

edit: I'd stay away from frames and do some kind of ajax get function, but I'm a noob so I'll stfu

Author:  sdfgeoff [ Tue Oct 30, 2012 10:40 pm ]
Post subject:  Re: Quirks of Facebook (and google)

yeah, sorry, this is more Tech than Cafe

Author:  Isaac [ Tue Oct 30, 2012 10:44 pm ]
Post subject:  Re: Quirks of Facebook (and google)

Wha? Tech? That's hardware and closed source software you bought at Walmart.

Let me welcome you to the coders corner: viewforum.php?f=7

Author:  Jeff250 [ Wed Oct 31, 2012 1:11 am ]
Post subject:  Re: Quirks of Facebook (and google)

Look into the X-Frame-Options HTTP header.

Isaac wrote:
Arise, Jeff!


As a mod, I can't move stuff *into* my forums, only out of...

Author:  roid [ Wed Oct 31, 2012 3:14 am ]
Post subject:  Re: Quirks of Facebook (and google)

i thought the ability to detect you were in a frame and/or force a page refresh was a Java thing, can facebook work without java? I'd try that out.

But with html5 in the mix too thesedays i guess everything gets more complex. So who knows if it's java now or what

Author:  Isaac [ Thu Nov 01, 2012 3:45 pm ]
Post subject:  Re: Quirks of Facebook (and google)

roid wrote:
i thought the ability to detect you were in a frame and/or force a page refresh was a Java thing, can facebook work without java? I'd try that out.

But with html5 in the mix too thesedays i guess everything gets more complex. So who knows if it's java now or what


java!=javascript

Author:  Valin Halcyon [ Thu Nov 01, 2012 4:24 pm ]
Post subject:  Re: Quirks of Facebook (and google)

The reason is less honorable pages used to use frames to "hijack" a major page, like FB or Google and put ads around it. It was unethical, and a major legal issue. The ability to detect someone trying to do that was quickly added to the DOM, and rapidly adopted to prevent the problem.

Author:  Thenior [ Sat Dec 01, 2012 9:33 pm ]
Post subject:  Re: Quirks of Facebook (and google)

Valin is right, most browsers won't even let you load cross-domain ajax. Think about all the scams that could be done...

Author:  Jeff250 [ Sun Dec 02, 2012 2:37 pm ]
Post subject:  Re: Quirks of Facebook (and google)

The question is about cross-domain frames, which are allowed, unless the framed response includes the X-Frame-Options HTTP header (which Google and Facebook *do* include), or, as Valin points out, you have javascript enabled and the framed page has some script to try to detect if it is framed.

Page 1 of 1 All times are UTC-06:00
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/