tags:

views:

62

answers:

2
Q: 

Subscribe to javascript event in an iframe (facebook)

I have an application where I use an iframe for a facebook likebox.

I want to subscribe, in the main page, to the event when the user clicks on the like button in the iframe.

Basically as soon as the user likes the page I want him to be redirected to a page I'll specify.

What javascript command can I use?

Thanks

A: 

You can hook this up to the button

onclick = "window.location('www.google.com')"

obviously replacing the URL with yours. But you might want to check if that's legal.

Júlio Santos  2010-10-13 12:41:06
Can I use that without breaking the button?I don't want to replace the like, I just want to additionally trigger a redirect
 2010-10-13 12:42:14
Try it. If it doesn't work, try to subscribe to the like event (check this out: http://developers.facebook.com/docs/reference/javascript/FB.Event.subscribe)
Júlio Santos  2010-10-13 12:46:08
Subscribing to the like event doesn't work, that's why I'm asking whether there is something special to do if the like button is in an iframe, not in fbml
 2010-10-13 12:50:11
It doesn't work? What happens?
Júlio Santos  2010-10-13 12:55:03
Nothing happens the like is not detected. I wonder if there is another problem, because I can't ad a xfbml likebox too
 2010-10-13 13:02:24
+3  A: 

Unless your parent document is on the same domain as the Facebook Like frame, you can't script into it at all, for security reasons. This is the Same Origin Policy. It prevents you not only from detecting the click but also from impersonating the user, forcing them to perform actions (such as Liking you) without their consent.

You can try to place an element on top of the frame to detect clicks, but by intercepting the click you also stop it going through to the frame. About the best you can do is detect a hover over the area of the Like button and remove the covering element, allowing the user to click. This isn't reliable though since it'll catch all mouseovers.

bobince  2010-10-13 14:01:11
What about if the parent document is accessed through file protocol (ex. index.html in a mobile device)? Is it still cross domain? Can it be done? Thanks
GuilhermeA  2010-10-19 18:46:10
Yes, that's still cross-domain, and no, it doesn't work. In IE *only*, there's one catch: you can do an insecure cross-domain `XMLHttpRequest` from a `file:///` URL, in the My Computer Zone. You could use cross-domain XHR to recreate the button on your own page and fake interaction with it by posting whatever interaction Facebook's own scripts would do. (This is why it's insecure.) However to get that to work requires a load of scripting, which is a pain and scripting is disabled in My Computer by default (the user has to deliberately enable it from the Information Bar). Not much use.
bobince  2010-10-19 22:46:06
Hum... I think I get what you mean. Just to make sure in mobile case: if we have a .html (in a mobile device) with an iframe loading a domain controlled by us and from here (the son) we call a JS function defined in the parent (local .html) we won't be able to do it due to cross-domain policy? Not even by any mechanism that goes around this problem? Thank you for your explanation!
GuilhermeA  2010-10-20 16:37:55
No, the Same Origin Policy is a basic part of the web you won't be able to avoid without special privileges unavailable to normal web pages.
bobince  2010-10-20 22:58:25
I'm thinking in a workaround. I think if I just add/remove some html element in the son and in the parent (the .html at local side) pooling for the element and add some logic to it, depending if is there or not, I can run the JS functions I want... Or I won't be able from the parent to check for some elements in the son? Thanks
GuilhermeA  2010-10-21 00:49:11
No, indeed, the `window` object you get for a child frame sitting on a different hostname is an extremely limited version that doesn't give you access to `document`.
bobince  2010-10-21 00:58:28
Damn! I see. Thank you for enlightening me about this issue, I'm trying to solve this but I have a short knowledge in this domain.I'm thinking about another way: I believe the parent is allowed to check the url of the son or any other (that I change from the son), and this way I may check for some parameters and with polling I can run the JS functions according to the parameters... Do you think this makes sense?
GuilhermeA  2010-10-21 09:59:36
No, `location` is another property that is protected and not available cross-domain. The only ways documents in different domains can communicate to each other are: `window.name`, HTML5 `postMessage`, and server-assisted approaches. All of these require co-operation from the framed domain. Trying to interfere with user interaction on a document in another domain, like you want to do here, is something that the Same Origin Policy is deliberately and specifically designed to disallow.
bobince  2010-10-21 13:55:52
But one of the cross domain hacks isn't based in polling for the url hash - the two frames communicate with each other by using fragment identifiers ?
GuilhermeA  2010-10-21 14:54:20
Yes, there is that, but fragments allow push-communication only. The parent can navigate the child to a fragment, or the child can navigate the parent to a fragment, but neither can *read* the other's fragment, since that's a protected property of the `location` object. So again you need co-operation from the child document, you can't pull the information yourself. Fragment-navigation has the same limitations as `window.name` communication, plus it also messes up the browser history, so it's generally best avoided.
bobince  2010-10-21 15:16:17
Yes but I control the server! So maybe I can set the parent window.name to some different things and check for changes in the parent and act accordingly! Am I wrong? :/Thanks again for your patience!
GuilhermeA  2010-10-21 15:37:59
I'm trying some ways to change the parent window.name from the son (server side, controlled by me) but then checking it in the parent it's not affected :/
GuilhermeA  2010-10-21 15:58:12
Usually the way it's done is that the child sets its own window.name, which the parent can read. But I don't see how any of this helps you. You don't control Facebook's servers (right?) so you can't persuade the like-frame to either read or write `window.name`.
bobince  2010-10-21 17:21:41

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript