TASClient? Facebook Cross-Domain Messaging helper-springinfo
Moderator: Moderators
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
atm it isnt happening when i startup tasclient with infosite displaying
maybe its already deleted..
i dont think that tasclient startet those 3 FF windows with that crosssite attack
cause tas was not updated when this came up
and now its gone
and as long u cannot point out the code in the source, what opens 3 external website windows with a URL what redirected via facebook to springinfo is imo the problem right at springinfo.info
maybe its already deleted..
i dont think that tasclient startet those 3 FF windows with that crosssite attack
cause tas was not updated when this came up
and now its gone
and as long u cannot point out the code in the source, what opens 3 external website windows with a URL what redirected via facebook to springinfo is imo the problem right at springinfo.info
- Silentwings
- Posts: 3720
- Joined: 25 Oct 2008, 00:23
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
As said, I have no interest in the cause/effect/presence of tasc bugs. But currently impossible anyway since (1) no source (2) no project page on which to look for source (3) no maintainer on which to look for project page and (4) no forum, except those already tried and failed, on which to discover maintainer.... point out the code in the source ...
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
so u say, that the maintainer has implemented code, that after some months a crosssite "attack" (what is not one cause its a simple redirection over facebook but recognized by FF as a potential treat) will be triggered without any logical benefit as result?
only because u dont have the source?
so u say too, that springinfo website does not have any security holes and filters out content, that makes it possible to post content what has some JS or other codes or other tricks or bugs ?
only because u dont have the source?
so u say too, that springinfo website does not have any security holes and filters out content, that makes it possible to post content what has some JS or other codes or other tricks or bugs ?
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
hows about that:
u look into source from springinfo.info
and do a search for that ID what shows up in that url, what get opened after tasclient shows the springinfo site in the embedded browser:
that id is 312068372256054
now look into the source of springinfo.info and see:
and u see the appId=312068372256054
do i have to say anything more?
u look into source from springinfo.info
and do a search for that ID what shows up in that url, what get opened after tasclient shows the springinfo site in the embedded browser:
Code: Select all
https://www.facebook.com/connect/ping?client_id=312068372256054&domain=www.springinfo.info&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2F8n77RrR4jg0.js%3Fversion%3D40%23cb%3Df2d7a235d6ce448%26domain%3Dwww.springinfo.info%26origin%3Dhttp%253A%252F%252Fwww.springinfo.info%252Ff396d62aeba2e1c%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey
now look into the source of springinfo.info and see:
Code: Select all
<div id="fb-root"></div>
<script>(function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(d.getElementById(id))return;js=d.createElement(s);js.id=id;js.src="//connect.facebook.net/en_US/all.js#xfbml=1&appId=312068372256054";fjs.parentNode.insertBefore(js,fjs);}(document,'script','facebook-jssdk'));</script>
do i have to say anything more?
- Silentwings
- Posts: 3720
- Joined: 25 Oct 2008, 00:23
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
As anyone with a postive integer reading age has likely already realized, I said quite literally none of that.muckl wrote:so u say, that ... ( ... but ... ) will be ... ? only because ... ? so u say too, that ... and ... , that ... or ... ?
If you'd bothered to read what I did say, it would have said this:
silentwings wrote: I couldn't care less if TASClient is a security risk to you or not, but lack of tracker/info page wasting other peoples time when it fails is
Last edited by Silentwings on 09 Apr 2014, 23:34, edited 1 time in total.
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
i was reading between your lines
so i can ask if u mean that in that way
u just have to comment it in a normal way
no point to go personally and to edit quotes and ignore questionmarks like u want to read it
so who did the page with the failing code?
so i can ask if u mean that in that way
u just have to comment it in a normal way
no point to go personally and to edit quotes and ignore questionmarks like u want to read it
so who did the page with the failing code?
-
- Posts: 843
- Joined: 13 Aug 2007, 13:19
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
Relaaxx :)
Knorke, here is the changelog as linked to in TASclient: http://springrts.com/dl/tasclient/tascl ... ngelog.log
Last update must have been in november, as muckl said. Before that updates were every 3-4 months I think.
I disabled the news feed and the problem is gone.
Knorke, here is the changelog as linked to in TASclient: http://springrts.com/dl/tasclient/tascl ... ngelog.log
Last update must have been in november, as muckl said. Before that updates were every 3-4 months I think.
I disabled the news feed and the problem is gone.
- very_bad_soldier
- Posts: 1397
- Joined: 20 Feb 2007, 01:10
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
Where can I disable that?
-
- Posts: 843
- Joined: 13 Aug 2007, 13:19
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
Options->Lobby Options->Interface->Disable newsvery_bad_soldier wrote:Where can I disable that?
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
It took a moderator posting in the springinfo thread in the adjacent forum to get me here.
All through this nobody thought to actually load springinfo.info or mention me or mention the contact form
TLDR
Springinfo, a site actively maintained by a longstanding community member with a long history and until recently the highest post count ( Smoth now holds that crown )
vs
TASClient, a closed source project that was maintained by someone called Satirik, who has vanished, and while present, programmed in crash bugs that told players he didn't like to "f*ck off"
I honestly have no idea what facebook connect has to do with tasclient, but I do have facebook related automation on springinfo, it autoposts stuff that's pulled into springinfo on to facebook pages.
Along with twitter and others. Said automation tries to post the news that was pulled in rather than the springinfo URL so that you go straight to the source.
So no, there is nothing wrong with springinfo, I dont even see how it's being loaded to begin with. Maybe Satirik implemented news by trying to load the springinfo frontpage in some weird hackish browser out of view rather than pulling in the RSS. Eitherway tasclient is borked, nothing I can do about it.
At the moment the only non-standard components I have on SpringInfo aside from the theme, are only ran on the internal and back end of the site, not the front end, aside from gravity forms. The theme was provided by the Design Wall company, and a free light version of the theme is up on github for all to see. Gravity forms is a widely popular commercial WordPress plugin with no relation to FB Connect
All through this nobody thought to actually load springinfo.info or mention me or mention the contact form
TLDR
Springinfo, a site actively maintained by a longstanding community member with a long history and until recently the highest post count ( Smoth now holds that crown )
vs
TASClient, a closed source project that was maintained by someone called Satirik, who has vanished, and while present, programmed in crash bugs that told players he didn't like to "f*ck off"
I honestly have no idea what facebook connect has to do with tasclient, but I do have facebook related automation on springinfo, it autoposts stuff that's pulled into springinfo on to facebook pages.
Along with twitter and others. Said automation tries to post the news that was pulled in rather than the springinfo URL so that you go straight to the source.
So no, there is nothing wrong with springinfo, I dont even see how it's being loaded to begin with. Maybe Satirik implemented news by trying to load the springinfo frontpage in some weird hackish browser out of view rather than pulling in the RSS. Eitherway tasclient is borked, nothing I can do about it.
At the moment the only non-standard components I have on SpringInfo aside from the theme, are only ran on the internal and back end of the site, not the front end, aside from gravity forms. The theme was provided by the Design Wall company, and a free light version of the theme is up on github for all to see. Gravity forms is a widely popular commercial WordPress plugin with no relation to FB Connect
- Silentwings
- Posts: 3720
- Joined: 25 Oct 2008, 00:23
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
The prosecution rests, m'lud.
(AF: I did check springinfo worked, so didn't bother you.)
(AF: I did check springinfo worked, so didn't bother you.)
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
Does anybody have any information about how tasclient queries springinfo?
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
I also noticed on my Win8 that Tasclient was popping three browsers at start which of two were going to Facebook sites that were "security risks". However, I applied Jools' suggestion of just disabling news, and no more issues :)
Anyways, I am using TASClient so do not kill it. I have no idea how to use any other lobby, lol :) It looks like that last update is from end of last year: http://springrts.com/dl/tasclient/
(I have no idae if there is more updates coming).
Anyways, I am using TASClient so do not kill it. I have no idea how to use any other lobby, lol :) It looks like that last update is from end of last year: http://springrts.com/dl/tasclient/
(I have no idae if there is more updates coming).
- very_bad_soldier
- Posts: 1397
- Joined: 20 Feb 2007, 01:10
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
Your easiest, most reliable and most exact source of information regarding this topic is wireshark I would say.AF wrote:Does anybody have any information about how tasclient queries springinfo?
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
over Twebbrowser (see http://edn.embarcadero.com/article/27843)AF wrote:Does anybody have any information about how tasclient queries springinfo?
what uses IE over activex call
and Twebbrowser is wrapped by TWebBrowserWrapper
see MainUnit.pas:
Code: Select all
// make the news browser
if Preferences.DisableNews or RunningWithMainMenu then
begin
NewsMainPanel.Visible := False;
ScrollingNewsTimer.Enabled := False;
end
else
begin
if MainUnit.Debug.Enabled then
Misc.TryToAddLog(MainUnit.StartDebugLog,'Creating news control ...');
NewsBrowser := TWebBrowserWrapper.Create(NewsPanel);
TWinControl(NewsBrowser).Parent := NewsPanel;
NewsBrowser.Show3DBorder := False;
NewsBrowser.Align := alClient;
NewsBrowser.Visible := True;
NewsBrowser.Silent := True;
NewsBrowser.OnDocumentComplete := OnNewsBrowserDocumentComplete;
NewsBrowser.OnBeforeNavigate2 := OnNewsBrowserBeforeNavigate2;
NewsBrowser.OnNewWindow2 := NewsBrowserNewWindow2;
// display and expand the news
ScrollingNewsPanel.Align := alClient;
Panel1.Visible := False;
NewsMainPanel.Align := alClient;
ScrollingNewsPanel.Visible := False;
NewsPanel.Align := alClient;
NewsPanel.Visible := True;
ExpandNewsButton.ImageIndex := 0;
MainForm.WindowState := wsMinimized;
MainForm.Visible := True;
//ScrollingNewsTimerTimer(nil);
TScrollingNewsRefreshThread.Create(False,600000);
if MainUnit.Debug.Enabled then
Misc.TryToAddLog(MainUnit.StartDebugLog,'Displaying news page ...');
try
NewsBrowser.Navigate(NEWS_URL);
except
end;
MainForm.Visible := False;
MainForm.WindowState := wsNormal;
end;
- Jonny5isalivetm
- Posts: 186
- Joined: 04 Jul 2006, 02:43
Re: TASClient? Facebook Cross-Domain Messaging helper-spring
There was a tasclient auto update yesterday I have option ticked to receive "Auto Update to Latest Beta"