One of the biggest bugs of them all:
security bug
see my BIG security bug post.
Greg
On Nov 4, 3:37 am, EGreg <[EMAIL PROTECTED]> wrote:
> that helps us developers, but ultimately these gadgets will be cached,
> so it's important that the underlying API doesn't suddenly change its
> behavior. On facebook, if that happened, the app developers could go
> and fix their apps (and the profile boxes would continue to show
> static, cached fbml w/o fbjs). But here, if the Container decides to
> change something, it could irreparably break many apps. So as app
> developers we are forced to think ahead to contingencies like ("what
> if PROFILE_URL starts returning the full url at some point?") Our
> users will be stuck with bad js code on their profile gadgets.
>
> What do you propose we can do about it?
>
> Greg
>
> On Nov 4, 2:34 am, "Gaurav Sharma" <[EMAIL PROTECTED]> wrote:
>
> > For issue #3 see this
> > -http://groups.google.com/group/opensocial-api/browse_thread/thread/8d...
>
> > On Nov 4, 2007 12:23 AM, EGreg <[EMAIL PROTECTED]> wrote:
>
> > > I thought it might be helpful to start an unofficial Bug thread. Just
> > > keep posting your bugs as you encounter them and that will bump the
> > > thread, and hopefully a few guys and gals from Orkut lurking around
> > > here can tell the others to fix it. (Or do it themselves.)
>
> > > I'll start us off. I tried developing a module/gadget/app today, and
> > > ran into the following three possible bugs:
>
> > > 1) The URL returned when a user doesn't have a profile picture does
> > > NOT point to a valid picture. I had to make my own and do this:
>
> > > var picUrl =
> > > person.getField(opensocial.Person.Field.THUMBNAIL_URL);
> > > if (picUrl.indexOf('null') >= 0)
> > > picUrl = 'http://luckyapps.com/opensocial/b.gif';
>
> > > Perhaps the picture is not valid because the context in which it is
> > > retrieved is not orkut.com . I discovered that none of the orkut
> > > pictures could be viewed alone, or even saved, with my browser. I
> > > think they can only be included in the context of a Google page.
>
> > > 2) The call
>
> > > person.getField(opensocial.Person.Field.THUMBNAIL_URL)
>
> > > returns a full URL, but
>
> > > person.getField(opensocial.Person.Field.PROFILE_URL)
>
> > > returns a URI within the context of the domain orkut.com . I guess
> > > this was done because sandbox.orkut.com is there but also orkut.com is
> > > there. However, this seems to be inconsistent with the spec, and I
> > > worry whether it will suddenly change to be a FULL url. In other
> > > words, I have to build a check into JS like this:
>
> > > var url = person.getField(opensocial.Person.Field.PROFILE_URL);
> > > if (url.indexOf('http') == -1)
> > > url = 'http://orkut.com'+url;
>
> > > in view of the third bug, this is necessary.
>
> > > 3) The third "bug" is probably not a bug at all, since this is how
> > > Google Gadgets seems to work as well. The gadget I create is CACHED
> > > (for how long? I don't know. Can anyone tell me?) That means I keep
> > > having to create NEW files on my server just to keep debugging my
> > > gadget on orkut sandbox. Is there a BETTER WAY to debug? (I don't
> > > think there is right now, but I'm curious.)
>
> > > Alright, so that's 3 bugs. And there is also an observation: the
> > > examples in the docs are WRONG -- trying to get pictures as described
> > > there, by doing person.getField('picture') returns null.
>
> > > Alright, hopefully this will help some developers. If someone from
> > > Orkut is reading this, please say hi :)
>
> > >GregMagarshak
> > > luckyapps.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OpenSocial Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---
