TASClient? Facebook Cross-Domain Messaging helper-springinfo - Page 2

TASClient? Facebook Cross-Domain Messaging helper-springinfo

Discuss your problems with the latest release of the engine here. Problems with games, maps or other utilities belong in their respective forums.

Moderator: Moderators

muckl
Posts: 151
Joined: 30 Aug 2010, 07:18

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by muckl »

atm it isnt happening when i startup tasclient with infosite displaying
maybe its already deleted..
i dont think that tasclient startet those 3 FF windows with that crosssite attack

cause tas was not updated when this came up
and now its gone

and as long u cannot point out the code in the source, what opens 3 external website windows with a URL what redirected via facebook to springinfo is imo the problem right at springinfo.info
User avatar
Silentwings
Posts: 3720
Joined: 25 Oct 2008, 00:23

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by Silentwings »

... point out the code in the source ...
As said, I have no interest in the cause/effect/presence of tasc bugs. But currently impossible anyway since (1) no source (2) no project page on which to look for source (3) no maintainer on which to look for project page and (4) no forum, except those already tried and failed, on which to discover maintainer.
muckl
Posts: 151
Joined: 30 Aug 2010, 07:18

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by muckl »

so u say, that the maintainer has implemented code, that after some months a crosssite "attack" (what is not one cause its a simple redirection over facebook but recognized by FF as a potential treat) will be triggered without any logical benefit as result?
only because u dont have the source?

so u say too, that springinfo website does not have any security holes and filters out content, that makes it possible to post content what has some JS or other codes or other tricks or bugs ?
muckl
Posts: 151
Joined: 30 Aug 2010, 07:18

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by muckl »

hows about that:

u look into source from springinfo.info

and do a search for that ID what shows up in that url, what get opened after tasclient shows the springinfo site in the embedded browser:

Code: Select all

https://www.facebook.com/connect/ping?client_id=312068372256054&domain=www.springinfo.info&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2F8n77RrR4jg0.js%3Fversion%3D40%23cb%3Df2d7a235d6ce448%26domain%3Dwww.springinfo.info%26origin%3Dhttp%253A%252F%252Fwww.springinfo.info%252Ff396d62aeba2e1c%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey
that id is 312068372256054

now look into the source of springinfo.info and see:

Code: Select all

<div id="fb-root"></div>
<script>(function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(d.getElementById(id))return;js=d.createElement(s);js.id=id;js.src="//connect.facebook.net/en_US/all.js#xfbml=1&appId=312068372256054";fjs.parentNode.insertBefore(js,fjs);}(document,'script','facebook-jssdk'));</script>
and u see the appId=312068372256054

do i have to say anything more?
User avatar
Silentwings
Posts: 3720
Joined: 25 Oct 2008, 00:23

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by Silentwings »

muckl wrote:so u say, that ... ( ... but ... ) will be ... ? only because ... ? so u say too, that ... and ... , that ... or ... ?
As anyone with a postive integer reading age has likely already realized, I said quite literally none of that.

If you'd bothered to read what I did say, it would have said this:
silentwings wrote: I couldn't care less if TASClient is a security risk to you or not, but lack of tracker/info page wasting other peoples time when it fails is :shock:
Last edited by Silentwings on 09 Apr 2014, 23:34, edited 1 time in total.
muckl
Posts: 151
Joined: 30 Aug 2010, 07:18

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by muckl »

i was reading between your lines
so i can ask if u mean that in that way
u just have to comment it in a normal way
no point to go personally and to edit quotes and ignore questionmarks like u want to read it


so who did the page with the failing code?
klapmongool
Posts: 843
Joined: 13 Aug 2007, 13:19

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by klapmongool »

Relaaxx :)

Knorke, here is the changelog as linked to in TASclient: http://springrts.com/dl/tasclient/tascl ... ngelog.log

Last update must have been in november, as muckl said. Before that updates were every 3-4 months I think.


I disabled the news feed and the problem is gone.
User avatar
very_bad_soldier
Posts: 1397
Joined: 20 Feb 2007, 01:10

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by very_bad_soldier »

Where can I disable that?
klapmongool
Posts: 843
Joined: 13 Aug 2007, 13:19

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by klapmongool »

very_bad_soldier wrote:Where can I disable that?
Options->Lobby Options->Interface->Disable news
User avatar
AF
AI Developer
Posts: 20687
Joined: 14 Sep 2004, 11:32

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by AF »

It took a moderator posting in the springinfo thread in the adjacent forum to get me here.

All through this nobody thought to actually load springinfo.info or mention me or mention the contact form

TLDR

Springinfo, a site actively maintained by a longstanding community member with a long history and until recently the highest post count ( Smoth now holds that crown )

vs

TASClient, a closed source project that was maintained by someone called Satirik, who has vanished, and while present, programmed in crash bugs that told players he didn't like to "f*ck off"

I honestly have no idea what facebook connect has to do with tasclient, but I do have facebook related automation on springinfo, it autoposts stuff that's pulled into springinfo on to facebook pages.

Along with twitter and others. Said automation tries to post the news that was pulled in rather than the springinfo URL so that you go straight to the source.


So no, there is nothing wrong with springinfo, I dont even see how it's being loaded to begin with. Maybe Satirik implemented news by trying to load the springinfo frontpage in some weird hackish browser out of view rather than pulling in the RSS. Eitherway tasclient is borked, nothing I can do about it.


At the moment the only non-standard components I have on SpringInfo aside from the theme, are only ran on the internal and back end of the site, not the front end, aside from gravity forms. The theme was provided by the Design Wall company, and a free light version of the theme is up on github for all to see. Gravity forms is a widely popular commercial WordPress plugin with no relation to FB Connect
User avatar
Silentwings
Posts: 3720
Joined: 25 Oct 2008, 00:23

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by Silentwings »

The prosecution rests, m'lud.

(AF: I did check springinfo worked, so didn't bother you.)
User avatar
AF
AI Developer
Posts: 20687
Joined: 14 Sep 2004, 11:32

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by AF »

Does anybody have any information about how tasclient queries springinfo?
ismo
Posts: 33
Joined: 27 Dec 2009, 13:52

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by ismo »

I also noticed on my Win8 that Tasclient was popping three browsers at start which of two were going to Facebook sites that were "security risks". However, I applied Jools' suggestion of just disabling news, and no more issues :)

Anyways, I am using TASClient so do not kill it. I have no idea how to use any other lobby, lol :) It looks like that last update is from end of last year: http://springrts.com/dl/tasclient/
(I have no idae if there is more updates coming).
User avatar
very_bad_soldier
Posts: 1397
Joined: 20 Feb 2007, 01:10

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by very_bad_soldier »

AF wrote:Does anybody have any information about how tasclient queries springinfo?
Your easiest, most reliable and most exact source of information regarding this topic is wireshark I would say.
muckl
Posts: 151
Joined: 30 Aug 2010, 07:18

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by muckl »

AF wrote:Does anybody have any information about how tasclient queries springinfo?
over Twebbrowser (see http://edn.embarcadero.com/article/27843)
what uses IE over activex call

and Twebbrowser is wrapped by TWebBrowserWrapper

see MainUnit.pas:

Code: Select all

 // make the news browser
    if Preferences.DisableNews or RunningWithMainMenu then
    begin
      NewsMainPanel.Visible := False;
      ScrollingNewsTimer.Enabled := False;
    end
    else
    begin
      if MainUnit.Debug.Enabled then
        Misc.TryToAddLog(MainUnit.StartDebugLog,'Creating news control ...');

      NewsBrowser := TWebBrowserWrapper.Create(NewsPanel);
      TWinControl(NewsBrowser).Parent := NewsPanel;
      NewsBrowser.Show3DBorder := False;
      NewsBrowser.Align := alClient;
      NewsBrowser.Visible := True;
      NewsBrowser.Silent := True;
      NewsBrowser.OnDocumentComplete := OnNewsBrowserDocumentComplete;
      NewsBrowser.OnBeforeNavigate2 := OnNewsBrowserBeforeNavigate2;
      NewsBrowser.OnNewWindow2 := NewsBrowserNewWindow2;

      // display and expand the news
      ScrollingNewsPanel.Align := alClient;
      Panel1.Visible := False;
      NewsMainPanel.Align := alClient;
      ScrollingNewsPanel.Visible := False;
      NewsPanel.Align := alClient;
      NewsPanel.Visible := True;
      ExpandNewsButton.ImageIndex := 0;
      MainForm.WindowState := wsMinimized;
      MainForm.Visible := True;
      
      //ScrollingNewsTimerTimer(nil);
      TScrollingNewsRefreshThread.Create(False,600000);

      if MainUnit.Debug.Enabled then
      Misc.TryToAddLog(MainUnit.StartDebugLog,'Displaying news page ...');
      try
        NewsBrowser.Navigate(NEWS_URL);
      except
      end;
      MainForm.Visible := False;
      MainForm.WindowState := wsNormal;
    end;
http://springrts.com/svn/spring/Lobby/TASClient/
User avatar
Jonny5isalivetm
Posts: 186
Joined: 04 Jul 2006, 02:43

Re: TASClient? Facebook Cross-Domain Messaging helper-spring

Post by Jonny5isalivetm »

There was a tasclient auto update yesterday I have option ticked to receive "Auto Update to Latest Beta"
Post Reply

Return to “Help & Bugs”