Friday, August 5, 2011

Changes in Facebook's SWF code.

Yesterday evening (8/4/2011) at 9:55 pm, Facebook changed some code affecting the Flash component that Internet Explorer uses to handle cross-domain communication:

1 /*1312412724,169546110,JIT Construction: v416050,en_US*/
1 /*1312520159,169918336,JIT Construction: v416929,en_US*/
22
33 if (!window.FB) window.FB = {
44     _apiKey: null,
3030             return FB._domain.api_read;
3131         case 'cdn':
3232             return (window.location.protocol == 'https:' || FB._https) ? FB._domain.https_cdn : FB._domain.cdn;
33         case 'cdn_foreign':
34             return FB._domain.cdn_foreign;
3335         case 'https_cdn':
3436             return FB._domain.https_cdn;
3537         case 'graph':
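Review bot: the new 'cdn_foreign' case returns FB._domain.cdn_foreign unconditionally, while the 'cdn' case directly above it switches to FB._domain.https_cdn when window.location.protocol is 'https:' or FB._https is set. If cdn_foreign is meant to be HTTPS-only, say so in a comment on this case; if an http value can ever be configured for it, add the same protocol check so an HTTPS page never embeds the SWF over plain HTTP.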
246248             for (var a = 0, b = FB.Flash._callbacks.length; a < b; a++) FB.Flash._callbacks[a]();
247249             FB.Flash._callbacks = [];
248250         };
249         FB.Flash.embedSWF('XdComm', FB.getDomain('cdn') + FB.Flash._swfPath);
251         FB.Flash.embedSWF('XdComm', FB.getDomain('cdn_foreign') + FB.Flash._swfPath);
250252     },
251253     embedSWF: function(d, e, b) {
252254         var a = !! document.attachEvent,
49524954         "api": "https:\/\/api.facebook.com\/",
49534955         "api_read": "https:\/\/api-read.facebook.com\/",
49544956         "cdn": "https:\/\/s-static.ak.fbcdn.net\/",
4957         "cdn_foreign": "https:\/\/connect.facebook.net\/",
49554958         "graph": "https:\/\/graph.facebook.com\/",
49564959         "https_cdn": "https:\/\/s-static.ak.fbcdn.net\/",
49574960         "https_staticfb": "https:\/\/s-static.ak.facebook.com\/",
49684971     "_minVersions": [
49694972         [10, 0, 22, 87]
49704973     ],
4971     "_swfPath": "rsrc.php\/v1\/yx\/r\/WFg56j28XFs.swf"
4974     "_swfPath": "rsrc.php\/v1\/yK\/r\/RIxWozDt5Qq.swf"
49724975 }, true);
49734976 FB.provide("XD", {
49744977     "_xdProxyUrl": "connect\/xd_proxy.php?version=3"


You can fetch the new SWF file with the command below (note, though, that the diff above indicates that the browser must now download the SWF from http://connect.facebook.net/RIxWozDt5Qq.swf):
wget http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/RIxWozDt5Qq.swf
By decompiling the SWF file using Sothink's SWF Decompiler (the unregistered version allows you to export up to the first two FLA files you designate to save), you can review the changes that were made.

diff PostMessage.as PostMessage_old.as

143,147d142
<         public static function extractPathAndQuery(param1:String) : String
<         {
<             return /^\w+:\/\/[^\/]+(.*)$""^\w+:\/\/[^\/]+(.*)$/.exec(param1)[1
];
<         }// end function
<
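Review bot: extractPathAndQuery indexes the result of exec() with [1] and never checks for null, so a param1 that does not match the scheme://host pattern throws instead of returning a value. Guard the match and return an empty string (or null) when exec() yields nothing, so the caller can treat that as a rejection. The regex literal as decompiled also shows a stray "" between two copies of the pattern; confirm against the original source that the intended pattern is the single ^\w+:\/\/[^\/]+(.*)$ form.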
It also appears that the XDComm receiver must now be loaded from connect.facebook.net, or at least originate from facebook.com with an /intern/ URL specified. Otherwise, the cross-domain receiver will not initialize.

diff XDComm.as XDComm_old.a
19c19
<             XdComm.fbTrace("XdComm Constructor", {url:stage.loaderInfo.url});
---
>             XdComm.fbTrace("XdComm Initialized", {});
28d27
<             var _loc_4:String = null;
31,50d29
<             var _loc_2:* = stage.loaderInfo.url;
<             var _loc_3:* = PostMessage.extractDomain(_loc_2);
<             if (_loc_3 != "connect.facebook.net")
<             {
<                 XdComm.fbTrace("XdComm is not loaded from connect.facebook.net
", {swfDomain:_loc_3});
<                 if (_loc_3.substr(-13) == ".facebook.com")
<                 {
<                     _loc_4 = PostMessage.extractPathAndQuery(_loc_2);
<                     if (_loc_4.substr(0, 8) != "/intern/")
<                     {
<                         XdComm.fbTrace("XdComm is NOT in intern mode", {swfPat
h:_loc_4});
<                         return;
<                     }
<                     XdComm.fbTrace("XdComm is in intern mode", {swfPath:_loc_4
});
<                 }
<                 else
<                 {
<                     return;
<                 }
<             }
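Review bot: the /intern/ exception on the `<` side trusts any host whose name ends in ".facebook.com", which is a much wider set than the single connect.facebook.net host the outer comparison enforces. If the exception exists only for internal testing, restrict it to explicitly named hosts or leave it out of the production SWF. The outer comparison is also an exact string match on the value from PostMessage.extractDomain, which is not part of this diff, so confirm that it lowercases the host and strips any port or userinfo before this check runs.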
188c167,174
<             return param3;
---
>             if (param2 == 0)
>             {
>             }
>             else
>             {
>                 return param3;
>             }
>             return;
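Review bot: callers that pass param2 == 0 now get param3 back where the old file returned nothing, because the `<` side at line 188 returns param3 unconditionally while the `>` side returned it only in the else branch. Confirm that the change to the zero case is intended, and add a comment at this return stating what param2 == 0 represents.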
192a179
>             traceObject(param2);

The different versions of PostMessage.as and XdComm.as are posted here:

http://bit.ly/kAJ7AJ (PostMessage.as)
http://bit.ly/ltGkTF (XdComm.as)
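
The origin gate described above (load from connect.facebook.net, or from a .facebook.com host under /intern/), ported to JavaScript as an added example; it is not Facebook's code. It assumes the WHATWG URL parser in place of PostMessage.extractDomain and PostMessage.extractPathAndQuery, and every sample URL other than the two SWF locations taken from the post is constructed.

```javascript
// Added example: JavaScript port of the origin gate in the new XdComm constructor.
// Assumption: the WHATWG URL parser stands in for PostMessage.extractDomain and
// PostMessage.extractPathAndQuery, whose behaviour the page does not fully show.
const PRODUCTION_HOST = "connect.facebook.net";
const INTERN_SUFFIX = ".facebook.com";
const INTERN_PREFIX = "/intern/";

function classifySwfOrigin(swfUrl) {
  let parsed;
  try {
    parsed = new URL(swfUrl);
  } catch (err) {
    return "rejected"; // unparsable URL: fail closed
  }
  const host = parsed.hostname; // lowercased, without userinfo or port
  if (host === PRODUCTION_HOST) return "production";
  // Mirrors _loc_3.substr(-13) == ".facebook.com": the leading dot matters.
  if (!host.endsWith(INTERN_SUFFIX)) return "rejected";
  // Mirrors _loc_4.substr(0, 8) != "/intern/".
  const pathAndQuery = parsed.pathname + parsed.search;
  return pathAndQuery.startsWith(INTERN_PREFIX) ? "intern" : "rejected";
}

// Sample URLs: the first two combine hosts and paths quoted in the post,
// the rest are constructed (dev.facebook.com is a hypothetical host).
const samples = [
  "https://connect.facebook.net/rsrc.php/v1/yK/r/RIxWozDt5Qq.swf",
  "http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/RIxWozDt5Qq.swf",
  "https://dev.facebook.com/intern/XdComm.swf",
  "https://www.facebook.com/rsrc.php/XdComm.swf",
  "https://notfacebook.com/intern/XdComm.swf",
  "https://connect.facebook.net.example.org/XdComm.swf",
  "not a url",
];

function classifyAll(urls) {
  return urls.map((u) => [u, classifySwfOrigin(u)]);
}

for (const [url, verdict] of classifyAll(samples)) {
  console.log(verdict.padEnd(10), url);
}
```

The second sample is the old CDN location from the wget command: under this gate the receiver would refuse to start when loaded from there.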
