Google Reader of Ajax case studies

Ajax|google

Google ReaderIt's another Google Ajax app that used to be mistaken for a browser plugin, so it didn't pay attention. Yesterday in Netizen Jared remind to go to open a only then see a bar. Hurriedly crack the code, because just opened above also has not how much data, casually shakes two eyes.

First log in to Readr, save the reader page to local, get a main file (HTM), a script, and a CSS style sheet.

Remove this line from the HTML file:
<!--saved from Url= (0041) Http://www.google.com/reader/things/intro-->


This allows XMLHTTP access to network resources indefinitely.

Reader refers to a baffling JS file, with the number of file names, do not know the name is not often changed, I downloaded yesterday when the name is:Http://www.google.com/reader/ui/874310214-main.js

Check where the data is sent and received, and find a key point is the No. 479 line of the script:

;D. prototype. Hb=function (a) {if (This.overridecache&&a.indexof ("?") ==-1) {var b= (new Date ()). GetTime (); a=a+ "?" +b}this.uri=a}


Identifiers such as URIs are preserved, which is a good indication that Google has not deliberately confused the code. Here's where we start:

;D. prototype. Hb=function (a) {
if (This.overridecache&&a.indexof ("?") ==-1) {
var b= (new Date ()). GetTime (); a=a+ "?" +b
}
This.uri= "http://www.google.com "+a
window.open (This.uri);
}


This.uri= "http://www.google.com "+ais to allow XMLHTTP to properly locate the site.
window.open (This.uri) is to look at the content that XMLHTTP is trying to access at the same time by opening a new window.

Carck after the script hereHttp://www.blogjava.net/Files/emu/874310214-main.rar。 There is my personal information on the main page, so don't upload the full local version of the run.

After you save the script and reopen the HTM page, you can see that two dynamic XML data sources were loaded during the display of the page.

http://www.google.com/reader/atom/user/*********************/state/com.google/reading-list?n=20

Http://www.google.com/reader/atom/user/********************%2fpref%2fcom.google%2fprefs?complete=true

The asterisk section in the middle is my user number, and it's not posted. You can see your own when you experiment.

These two data were originally opened in the browser window when it was very unexpected, actually returned two XML files! I have said many times before that Google launched Ajah, which seems to be a mistake for the good guys, and Google also uses authentic Ajax.

- < Feed xmlns =" Http://www.w3.org/2005/Atom ">   < title > user/***************/state/com.google/reading-list </ title >   < ID > tag:google.com,2005:reader/user/***************//state/com.google/reading-list </ ID >   < Updated > 2005-12-02t04:03:50z </ Updated > </ Feed >

- < Feed xmlns =" Http://www.w3.org/2005/Atom ">   < title > User/***************/pref/com.google/prefs </ title >   < ID > Tag:google.com,2005:reader/user/***************/pref/com.google/prefs </ ID >   < Updated > 2005-12-02t04:03:50z </ Updated > </ Feed >

I have just opened reader, there is no data in it. What did you see?