As part of my work on Qliqa, I bumped in to the fact that Facebook blocks embedding itself in HTML frames, instead it provides the Facebook logo and a link to the location you tried reaching.

Today, during a routine check on some updates, I realized that the a link on our test site that points to a Youtube video shows a generic non-same-origin-frame-blocked error with a link to the original address of the iframe. Although blocking framing ruins a lot of my plans, yet I understand their choice, as a webmaster I know that there is more then one reason to block framing your website.

But, here is the thing, Facebook didn’t block framing with a general HTTP header, they provided their own error page, its a clear fail-safe choice, Youtube on the other hand chose to block it by setting a header ordering the browser to block embedding the content if it is not originated from the same domain.

Now, the funny thing is, that for some reason the Webkit engine does not supply a Same-Origin error page, Webkit is used in Safari, Chrome and more, while I’ll know that Facebook is blocking their content, If I would have been using Chrome and trying to access a Youtube link from StumbleUpon, I would never know why the content is blank.

Frame it or not, no UI is not always the best UI…

Lately many of my friends on Facebook found out that applications can indeed be harmful. messages were sent in their name, chats were opened with other friends inviting them to go to a specific link.

The only good deed I could have done is send them back the link to the apps management page and explain them that they need to remove all apps that are not useful.

So after looking around the Facebook interface for a link to fast removing apps, I created this script.

var cid = 0;
var d = document;
var w = window;
function t(item, next) {
if (d.getElementsByName(item)[0] == undefined) {
w.setTimeout("t('" + item + "','" + next + "')", 500);
return;
}
d.getElementsByName(item)[0].click();
w.setTimeout(next + "()", 500);
}
function x() {
var a = d.links[cid];
if (a.className == undefined) {
next(1);
return;
}
if (a.className.indexOf('fbSettingsListItemDelete') > -1) {
eval(unescape(a.href.substr(11, (a.href.length - 12))));
t("remove", "ok");
} else {
next(1);
}
}
function ok() {
t("ok", "next");
}
function next(add) {
if (add != null) cid++;
if (d.links.length) return;
x();
}
x();

Same code, for address bar use:

var%20cid=0;var%20d=document;var%20w=window;function%20t(item,next){if(d.getElementsByName(item)[0]==undefined){w.setTimeout("t('"+item+"','"+next+"')",500);return;}d.getElementsByName(item)[0].click();w.setTimeout(next+"()",500);}function%20x(){var%20a=d.links[cid];if(a.className==undefined){next(1);return;}if(a.className.indexOf('fbSettingsListItemDelete')>-1){eval(unescape(a.href.substr(11,(a.href.length-12))));t("remove","ok");}else{next(1);}}function%20ok(){t("ok","next");}function%20next(add){if(add!=null)cid++;if(d.links.length)return;x();}x();

This script takes all links on the page and searches for the links that are the ‘X’ where you can remove the application. Then it clicks on the remove and waits until the window to confirm the removal appears, when it does, the ‘Remove’ button is clicked. The same routine as above is done for the window that approves the removal of the application. Then the script goes on to the next application. This script can be ran from the console window, or from the address bar with ‘javascript:’ before the script.