August 5, 2011

Yesterday evening (8/4/2011) at 9:55 pm, Facebook changed some code that affects its Flash code which is used by Internet Explorer to handle cross-domain communication:

1    /*1312412724,169546110,JIT Construction: v416050,en_US*/
  1  /*1312520159,169918336,JIT Construction: v416929,en_US*/
2 2  
3 3  if (!window.FB) window.FB = {
4 4      _apiKey: null,
30 30              return FB._domain.api_read;
31 31          case 'cdn':
32 32              return (window.location.protocol == 'https:' || FB._https) ? FB._domain.https_cdn : FB._domain.cdn;
  33          case 'cdn_foreign':
  34              return FB._domain.cdn_foreign;
33 35          case 'https_cdn':
34 36              return FB._domain.https_cdn;
35 37          case 'graph':
246 248              for (var a = 0, b = FB.Flash._callbacks.length; a < b; a++) FB.Flash._callbacks[a]();
247 249              FB.Flash._callbacks = [];
248 250          };
249            FB.Flash.embedSWF('XdComm', FB.getDomain('cdn') + FB.Flash._swfPath);
  251          FB.Flash.embedSWF('XdComm', FB.getDomain('cdn_foreign') + FB.Flash._swfPath);
250 252      },
251 253      embedSWF: function(d, e, b) {
252 254          var a = !! document.attachEvent,
4952 4954          "api": "https:\/\/api.facebook.com\/",
4953 4955          "api_read": "https:\/\/api-read.facebook.com\/",
4954 4956          "cdn": "https:\/\/s-static.ak.fbcdn.net\/",
  4957          "cdn_foreign": "https:\/\/connect.facebook.net\/",
4955 4958          "graph": "https:\/\/graph.facebook.com\/",
4956 4959          "https_cdn": "https:\/\/s-static.ak.fbcdn.net\/",
4957 4960          "https_staticfb": "https:\/\/s-static.ak.facebook.com\/",
4968 4971      "_minVersions": [
4969 4972          [10, 0, 22, 87]
4970 4973      ],
4971        "_swfPath": "rsrc.php\/v1\/yx\/r\/WFg56j28XFs.swf"
  4974      "_swfPath": "rsrc.php\/v1\/yK\/r\/RIxWozDt5Qq.swf"
4972 4975  }, true);
4973 4976  FB.provide("XD", {
4974 4977      "_xdProxyUrl": "connect\/xd_proxy.php?version=3"

You can fetch the new SWF file at (note though that the diff above indicates that the SWF must now be downloaded by the browser from http://connect.facebook.net/RIxWozDt5Qq.swf):>

By decompiling the SWF file using Sothink's SWF Decompiler (the unregistered version allows you to export up to the first two FLA files you designate to save), you can review the changes that were made. diff PostMessage.as PostMessage_old.as

143,147d142
<         public static function extractPathAndQuery(param1:String) : String
<         {
<             return /^\w+:\/\/[^\/]+(.*)$""^\w+:\/\/[^\/]+(.*)$/.exec(param1)[1
];
<         }// end function
<

It also appears that the XDComm receiver must be downloaded/loaded from connect.facebook.net now, or at least originate from the facebook.com with an /intern/ URL specified.  Otherwise, the cross-domain receiver will not initiate. diff XDComm.as XDComm_old.a

19c19
<             XdComm.fbTrace("XdComm Constructor", {url:stage.loaderInfo.url});
---
>             XdComm.fbTrace("XdComm Initialized", {});
28d27
<             var _loc_4:String = null;
31,50d29
<             var _loc_2:* = stage.loaderInfo.url;
<             var _loc_3:* = PostMessage.extractDomain(_loc_2);
<             if (_loc_3 != "connect.facebook.net")
<             {
<                 XdComm.fbTrace("XdComm is not loaded from connect.facebook.net
", {swfDomain:_loc_3});
<                 if (_loc_3.substr(-13) == ".facebook.com")
<                 {
<                     _loc_4 = PostMessage.extractPathAndQuery(_loc_2);
<                     if (_loc_4.substr(0, 8) != "/intern/")
<                     {
<                         XdComm.fbTrace("XdComm is NOT in intern mode", {swfPat
h:_loc_4});
<                         return;
<                     }
<                     XdComm.fbTrace("XdComm is in intern mode", {swfPath:_loc_4
});
<                 }
<                 else
<                 {
<                     return;
<                 }
<             }
188c167,174
<             return param3;
---
>             if (param2 == 0)
>             {
>             }
>             else
>             {
>                 return param3;
>             }
>             return;
192a179
>             traceObject(param2);

The different versions of PostMessage.as and XdComm.as are posted here: http://bit.ly/kAJ7AJ (PostMessage.as) http://bit.ly/ltGkTF (XdComm.as)



blog comments powered by Disqus