can this be done? clickjack facebook like and open new link

Discussion in 'Social Networking Sites' started by mark0v, Nov 25, 2010.

  1. mark0v

    mark0v Junior Member

    May 6, 2010
    Likes Received:
    I'm trying to figure out how to go about doing this, however javascript is not my forte.

    I have a facebook like button with opacity=0 set on top of an img in my html. So if someone clicks the invisible FB iframe within the image and is logged into facebook, they auto like the page of my choosing.

    However I need to make this totally transparent to the user, which presents two problems:

    1. The reason they click "on the image" is that they expect a new window to open when they do so. So when they click in the facebook iframe, I need my own link to open in a new window as well as the like function to process. I tried using onfocus to accomplish this, however that seemed to prevent the like from being generated, and also kept opening a new window every time I closed the new window, since closing the new window would bring the iframe back into focus.

    2. If someone is not logged in to facebook, FB generates a pop-up from their iframe asking them to log in. So I either need a way to prevent their iframe from generating a pop-up, or else find a way to not display their iframe if they aren't logged in.

    Any ideas how I might be able to go about doing that?
    I seem to remember seeing a post about this sort of technique on here a while ago, however I cannot find it despite much searching.
    Last edited: Nov 25, 2010
  2. RSnake

    RSnake Newbie

    Apr 21, 2011
    Likes Received:
    The short answer is probably not. There are some tricky ways to neuter parts of other domains using IE8.0's anti-XSS filter, for instance. But it's noisy and only works in some browsers. So the short answer is that probably one of the only features of Facebook that's vulnerable is the like feature.