Poetry of Programming

Its about Ruby on Rails – Kiran Soumya

Dec
29

By

Notes on using fb:swf in FaceBook

Category: General 2 Comments

In facebook groups or discussions… I saw plently of developers struggling to embed fb:swf using FBML.

An example for them to make their life easier :)

<fb:swf swfsrc=”SRC_URL” allowscriptaccess=”all”
bgcolor=”#ECECEC” id=”some_id” wmode=”transparent” SWLIVECONNECT=”true”
flashvars=”serverPath=http://dynamic_url?fbid=<%=uid%>&some_params=blahblah” height=”200″ width=”382″
imgsrc=”img_url_at_beginning” />

The other Common Wiki Notes for this to be noted:

  • Currently, Facebook requires Flash version 9.0.0 for all <fb:swf> tags.
  • Make sure that the flashvars parameter is all lowercase. Some sources of embedded links capitalize the V, which does not work on Facebook.
  • Currently, Facebook wraps the resultant Flash object in a <div> tag, so despite the fact that the embed/object tag is not block-level, consecutive <fb:swf> tags will appear one above the other instead of side-by-side.
  • To verify that your Flash object was loaded from a Facebook page, do the following. For security, this technique does not embed your secret key in your Flash app:
  1. Get all the parameters whose names start with fb_sig_. (Do not include the fb_sig parameter itself.) In Flex use Application.application.parameters to do this.
  2. Strip the fb_sig_ prefix from each, and make sure the keys are lowercase.
  3. Create a string of the form param1=value1param2=value2param3=value3, etc., sorted by the names (not the values) of the parameters. Note: Do not use ampersands between the parameters.
  4. Pass this string to your server, where your secret key is stored.
  5. On your server, append your application secret key to the string that was passed in. The following is returned: param1=value1param2=value2param3=value3myappsecret
  6. On your server, create an MD5 hash of this string.
  7. Return the MD5 hash from your server to your Flash object.
  8. In your Flash object, compare the returned hash with the fb_sig parameter that was passed in. If they are equal, then your Flash object was loaded by Facebook. (Or by someone who stole your secret key.)

While the above technique doesn’t embed your secret in the Flash object, what you’re doing is making a public Web service to sign parameter strings with your secret and then embedding its address in your Flash object. This is just as bad as publishing your secret key (except you do the MD5 computation for any malicious clients). What you want to do is send all the parameters to the Web server (including fb_sig) and have it verify the signature internally and respond with either OK or NOT_OK.

Dec
29

By

Embedding Flash in Google Gadget !

Category: General Tags: Leave a Comment

A static flash play can be easily embedded using _IG_EmbedFlash() function in the gadget but since we need to load the xml according to the User Login preferences. I need to do some more modifications.

The issue I faced here is :

For security reasons, a Macromedia Flash playing in a web browser is not allowed to access data that resides outside the exact web domain from which the SWF originated.

Since google loads modules from 97.gmodules.com domain, extracting data from marketsimplified domain becomes external.

Cross-domain policy file has to be created to make it work.

(Ref: http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14213&sliceId=2)

But still I didnt get it to work… unless on top of this, I have to do some workaround as described in this url…
http://www.scriptplayground.com/tutorials/as/Loading-remote-XML-in-Flash-8/

However finally… its up and running…

Dec
29

By

Import Tool – ScRUBYt

Category: Ruby 1 Comment

At first I tried String Wrapper tool using open-uri

Then I understood Tree wrappers tools that the HTML document can look very good in a browser, yet still be seriously malformed (unclosed/misused tags). It is a non-trivial problem to parse such a document into a structured format like XML, since XML parsers can work with well-formed documents only

But HTree and REXML is capable to transform the input into the nicest possible XML from our point of view: a REXML Document. ( REXML is Ruby’s standard XML/XPath processing library).

After preprocessing the page content with HTree, we have to unleash the full power of XPath, which is a very powerful XML document querying language, highly suitable for web extraction.

The powerful web scrapping tools in Ruby are mainly Mechanize and Hpricot. Hpricot is “a Faster HTML Parser for Ruby” out of other Rubyful-soup(HTree + XPath),scrAPI,ARIEL

www::Mechanize has the ability to automatically navigate through Web pages as a result of interaction (filling forms etc.) while keeping cookies, automatically following redirects and simulating everything else what a real user (or the browser in response to that) would do.

Mechanize is powerful lib BUT we cannot perfectly interact with JavaScript websites. That is, it cannot handle more than one redirects through javascript.

Using mechanize, attempts to gmail webscrap to get all mails (feed exists to get new mails only) and orkut scraps extraction could go through until there is no complex javascript to break.

At first tried to do google search and extract reditt articles using almost all libs.

Then Using Xpath and scRUBYt, I am able to extract details from finance.google.com in xml format.

To a certain extent scRUBYt which is combination of Hpricot and Mechanize on steriods, seems starting step to me to get finance.google.com portfolio.

Also,scRUBYt is faster than mechanize.

Program:

require 'rubygems'
require 'scrubyt'

google_data = Scrubyt::Extractor.define do
fetch 'http://finance.google.com'
click_link 'Portfolios'
fill_textfield 'Email', '<a href="mailto:kiransoumi@gmail.com">kiransoumi@gmail.com</a>'
fill_textfield 'Passwd', '----'
submit
fetch 'http://finance.google.com/finance/portfolio?action=view&pid=1'
click_link 'Transactions'
#Construct the wrapper
stockinfo "/html/body/div/div/table/tbody/tr" do
   symbol "/td[1]/a[1]"
   qty "/td[5]"
   price "/td[6]"
end

end

google_data.to_xml.write($stdout, 1)
Scrubyt::ResultDumper.print_statistics(google_data)

OUTPUT:
[MODE] Learning
[ACTION] fetching document: <a href="http://finance.google.com">http://finance.google.com</a>
[ACTION] clicking link: Portfolios
[ACTION] fetched <a href="https://www.google.com/accounts/ServiceLogin?hl=en&service=finance&nui=1&continue=http%3A%2F%2Ffinance.google.com%3A80%2Ffinance%2Fportfolio%3Faction%3Dview">https://www.google.com/accounts/ServiceLogin?hl=en&service=finance&nui=1&continue=http%3A%2F%2Ffinance.google.com%3A80%2Ffinance%2Fportfolio%3Faction%3Dview</a>
[ACTION] typing <a href="mailto:kiransoumi@gmail.com">kiransoumi@gmail.com</a> into the textfield named 'Email'
[ACTION] typing ---- into the textfield named 'Passwd'
[ACTION] submitting form...
[ACTION] fetched <a href="https://www.google.com/accounts/CheckCookie?continue=http%3A%2F%2Ffinance.google.com%3A80%2Ffinance%2Fportfolio%3Faction%3Dview&service=finance&hl=en&chtml=LoginDoneHtml">https://www.google.com/accounts/CheckCookie?continue=http%3A%2F%2Ffinance.google.com%3A80%2Ffinance%2Fportfolio%3Faction%3Dview&service=finance&hl=en&chtml=LoginDoneHtml</a>
[ACTION] fetching document: <a href="http://finance.google.com/finance/portfolio?action=view&pid=1">http://finance.google.com/finance/portfolio?action=view&pid=1</a>
[ACTION] clicking link: Transactions
[ACTION] fetched <a href="http://finance.google.com/finance/portfolio?action=viewt&pid=1">http://finance.google.com/finance/portfolio?action=viewt&pid=1</a>
Extraction finished succesfully!
  <root>
    <stockinfo>
      <symbol>IBM</symbol>
      <qty>22.00</qty>
      <price>22.00</price>
    </stockinfo>
    <stockinfo>
      <symbol>GOOG</symbol>
      <qty>10.00</qty>
      <price>270.00</price>
    </stockinfo>
    <stockinfo>
      <symbol>INFY</symbol>
      <qty>12.00</qty>
      <price>80.00</price>
    </stockinfo>
    <stockinfo>
      <symbol>INTC</symbol>
      <qty>4.00</qty>
      <price>18.00</price>
    </stockinfo>
  </root>

stockinfo extracted 4 instances.
symbol extracted 4 instances.
qty extracted 4 instances.
price extracted 4 instances.