Saturday, June 9, 2012

Walking up the Facebook login stack..

Put a breakpoint on the xdRecv handler inside all.js and you can follow how the query string is handled, step by step:

 1. Send the message to the parent window.
y.send(ca,x,parent,v);

ca = parameters specified in the initial window.open()
x = domainname
parent = parent window
v = 

2. Uses postMessage to send the data.
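// The method name is case-sensitive: postMessage, not postmessage.
// Assuming v is the target window, the second argument (u) is the targetOrigin,
// which limits which origin may receive the message. TODO confirm against all.js.
v.postMessage('_FB_' + w + t, u)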

3. Post-receiver receives the message.
  s.onMessage(v, w);

4. Decodes the message into an object: JSON if it starts with '{', otherwise a query string (see the QueryString decode() function). Then calls the registered callback: ja(ga);
               // Handler for a received cross-domain message, passed to h (what h does with the
               // callback is not shown here). Names are minifier output: ga is the payload and ha
               // the sender origin if one is already known; both come from the enclosing scope.
               h(function() {
                    // A string payload starting with '{' is parsed as JSON; any other string goes
                    // through n.decode (the else pairs with the inner if). Non-strings pass as-is.
                    if (typeof ga == 'string') if (ga.substring(0, 1) == '{') {
                        try {
                            ga = ES5('JSON', 'parse', false, ga);
                        } catch (ia) {
                            // Malformed JSON: log it and drop the message, no callback runs.
                            m.warn('Failed to decode %s as JSON', ga);
                            return;
                        }
                    } else ga = n.decode(ga);
                    // No origin known yet: take the origin the payload declares for itself
                    // (xd_origin), but only when its xd_sig equals u.
                    // NOTE(review): this origin is self-reported, so it is only as trustworthy
                    // as u is unpredictable to other windows. Confirm how u is generated.
                    if (!ha) if (ga.xd_sig == u) ha = ga.xd_origin;
                    // Action messages go to ba with the resolved origin; handling stops there.
                    if (ga.xd_action) {
                        ba(ga, ha);
                        return;
                    }
                    // When a token is present, record whether w starts with "https"
                    // (w looks like the sender's URL or origin, TODO confirm).
                    if (ga.access_token) k._https = /^https/.test(w);
                    // Dispatch to the callback registered under the payload-supplied id. Entries
                    // not flagged in _forever are removed before the call, so they run at most once.
                    // NOTE(review): ga.cb is message-controlled and this is a plain property
                    // read; verify that _callbacks cannot resolve inherited keys.
                    if (ga.cb) {
                        var ja = k.XD._callbacks[ga.cb];
                        if (!k.XD._forever[ga.cb]) delete k.XD._callbacks[ga.cb];
                        if (ja) ja(ga);
                    }
                });
            }
