Talk:JavaScript Client Library

From Facebook Developers Wiki

Jump to: navigation, search

WARNING: This library overloads the Array prototype, it will very likely BREAK any of your code that uses Arrays! I hope they fix this, it would surely be handy, but as it is, NO WAY!


BUG IN SAMPLE CODE: Looks like the recent changes in friends get API caused the sample code to break. friends_get method now takes not one, but two paramaters. first one is a friends list ID (flid) that must be set to null if you don't use this feature of the API.

The sample seems to run with this change: 

api.friends_get(null, function....);

Alexis 6 Feb, 2006



How does this work without requiring the app's secret key? Surely there's potential for abuse here, particularly with the Data Store API? --Bryan 06:59, 26 January 2008 (PST)

I just started looking into the Facebook API, but I think you would control it by setting the "IP Addresses of Servers Making Requests" option for your app. -- 7907848 16:54, 26 January 2008 (PST)
The JS client library redirects the user to Facebook, and Facebook redirects back to the app's official callback URL with a session key that's used in the actual FB API calls. A badguy imitating your app won't be able to get a session key because Facebook only passes the key to the legit callback URL. Clever on Facebook's part.
As I understand the model, it does allow clever users do stuff to their own account in your app's name -- for example, they could replace the FBML in your app's box on their profile with "haha i r00l", if you have an iframe app. Re: Bryan's question, seemingly that could allow naughtiness with the Data Store API for iframe apps that assume content of misc tables is secret from users. It may make cross-site scripting vulnerabilities a little more obvious to exploit.
Another curiosity: after reading about this today I realized it's always been possible to have Facebook apps hosted outside Facebook, by using JavaScript to break out of an fb:iframe (the server just had to make the API requests). I wonder whether that approach was OK according to Facebook then, and whether it is now. (Bryan points out below that Facebook apps on external websites are old hat.)
I'm a mite scared of this Script# stuff. The library works, but I wonder if they've drunk too much MS Kool-Aid, and whether there's any reasonable way to get compact JS out of Script#.551070112 22:26, 28 January 2008 (PST)
Apps outside of Facebook is nothing new. Before the API in it's current incarnation, that's all there was. Have a look in the app directory and there's a section specifically for external websites --Bryan 08:44, 29 January 2008 (PST)
Ah, so I see. Pretty basic -- silly me for not having looked at that earlier. 551070112 13:44, 29 January 2008 (PST)

Is anyone else a bit puzzled about the example code using the textarea? http://developers.facebook.com/news.php?blog=1&story=73

The output of the API call is never passed to the textarea. The popup works just fine though.

The Debug.dump() call should write to whatever object has id "_traceTextBox", in this case the textarea they created at the beginning. 4000103 13:52, 28 January 2008 (PST)

Here is the sample code for getting the current user’s friends list. 

<!-- Output area to show the output from Facebook API -->
<textarea style="width:500px;height:300px;" id="_traceTextBox"></textarea>

<script src="http://static.ak.facebook.com/js/api_lib/FacebookApi.debug.js" type="text/javascript"></script>
<script type="text/javascript">
// Create an ApiClient object, passing app’s api key and
// a site relative url to xd_receiver.htm
var api = new FB.ApiClient('<insert_your_app_key_here', '/xd_receiver.htm', null);
        
// require user to login
api.requireLogin(function(exception) {

    window.alert(“Current user id is “ + api.get_session().uid);
  
    // Get friends list  
    api.friends_get(function(result, exception) {
      Debug.dump(result, 'friendsResult from non-batch execution ');  
    });       
});
</script>

Hmmm... does the code work for you?

There is an error in the javascript library (FacebookApi.debug.js). The photos_getAlbums method has in error in the last line. The name of the function to call has an extra space in the end which must be removed, otherwise you get an error "Unknown method".

The sample code on http://wiki.developers.facebook.com/index.php/JavaScript_Client_Library fails for me in FacebookApi.Debug.js on the line 4153: 


_callMethod$1: function (method, parameters, executeUnit) {
 var jsonRequest = this._generateJsonRequest(method, parameters);
 if (typeof(executeUnit) !== 'function') {
   var pendingResult = new FB.PendingResult();
   executeUnit._api = this; <<<<<<<<<<<<<<<<<<<<<<<<<< executeUnit has no properties
   executeUnit._addStep(jsonRequest, pendingResult);
   return pendingResult;
 }


I've simplified the hasnler of friends_get call to be: 

 api.friends_get(function(r,e) {window.alert("executed!");});


what's odd abut this is the condition 

if (typeof(executeUnit) !== 'function') {

on the line 4151. Me reading of the code it looks like it should have went into an "else" clause since a funciton object is passed into friends_get method


anyone else has this issue?

I'm failing on function FB_ReceiverApp$main(), which is the function in xd_receiver.htm. It fails on: 

var func = null;

55 try { 56 func = hostWindow.FB.XdComm.Server.singleton.onReceiverLoaded; 57 } 58 catch(e) { 59 func = null;

Ad exception is thrown: TypeError: hostWindow.FB has not properties message.

Anybody knows why?

Solved it! Apparently, my url string for xd_receiver.htm. I thought to give it as relative to the index.htm I used, but it didn't work, so I gave up an used an absolute URL.

Retrieved from "http://wiki.developers.facebook.com/index.php/Talk:JavaScript_Client_Library"