tag:blogger.com,1999:blog-88696062133616849922024-02-21T14:39:52.259-08:00orkut Developer BlogYou've come to the right place to learn about APIs, changes and events related to the orkut developer platform.Unknownnoreply@blogger.comBlogger74125tag:blogger.com,1999:blog-8869606213361684992.post-26983240592723101732010-04-15T21:41:00.001-07:002010-04-15T21:50:31.132-07:00We're moving!<span class="byline-author">Posted by Prashant Tiwari, Developer Programs Engineer</span><br /><br />Effective today, we’re moving this blog to the <a href="http://googlecode.blogspot.com/">Google Code blog</a>, which many of you may already be familiar with as the home to announcements and updates from several other <a href="http://code.google.com/more">Google APIs</a>. The code blog enjoys a much wider audience and we believe this transition will help us reach out to a much larger number of developers, which will further help grow the community around orkut. This blog will still be available for reference to our older posts but all the new ones will go to the new blog.<br /><br />Remember to update your bookmarks to <a href="http://googlecode.blogspot.com">googlecode.blogspot.com</a> for all major updates to the orkut development platform, and follow us on <a href="http://twitter.com/orkutdevelopers">Twitter</a> and the <a href="http://groups.google.com/group/opensocial-orkut">orkut Developer Forum</a> for all other community news, events and announcements.<br /><br />See you there!Prashant Tiwarihttp://www.blogger.com/profile/09150384823424583697noreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-8279200310825784162010-03-09T01:18:00.000-08:002010-03-11T21:34:33.474-08:00Caja Available on orkut<span class="byline-author">Posted by Jasvir Nagra (Caja) and Shishir Birmiwal (orkut), Software Engineers</span><br /><br />We are excited to announce the availability of <a href="http://code.google.com/p/google-caja/">Caja</a> (pronounced KA-hah) for orkut applications. Caja makes your gadget more secure by analyzing and rewriting it such that any exploits or vulnerabilities in your application are much less dangerous for your users. In addition, it also rewrites your gadget so it works across different browsers. For example, under Caja, it doesn't matter whether you use <span style="font-family:'courier new';">addEventListener</span> or <span style="font-family:'courier new';">attachEvent</span> — both just work!<br /><br />Caja works with your existing HTML, CSS and JavaScript — there are no new tools or programming languages or APIs for you to learn. Instead, your gadget can use any object references and orkut APIs. In order to detect vulnerabilities, Caja restricts the JavaScript accepted in a gadget to an analyzable subset. The only constructs left out of this subset, like <span style="font-family:'courier new';">with</span> and <span style="font-family:'courier new';">eval</span>, also violate JavaScript best practices. In addition, Caja provides warnings on other aspects of the code such as missing semicolons, HTML attributes that aren't recognized by browsers, and statements that have no side-effect.<br /><br />To enable Caja for your application, add the following feature entry to your app XML in <span style="font-family:'courier new';">ModulePrefs</span>:<br /><br /><span style="font-family:'courier new';"><Require feature="caja"/></span><br /><br />For example, here is a very simple gadget which makes some text bold and displays it:<br /><pre><br /><Module><br /><ModulePrefs title="Example Gadget"><br /> <Require feature="caja" /><br /></ModulePrefs><br /><Content type="html"><![CDATA[<br /> <script><br /> function inBold() {<br /> var result = document.createElement('div');<br /> result.innerHTML = "<b>" + document.getElementById("plainText").value + "</b>";<br /> document.getElementById("boldText").appendChild(result);<br /> }<br /> </script><br /> <input id="plainText" type="text" size="50" value="hello world" /><br /> <input type="button" value="Bold!" onclick="inBold();" /><br /> <div id="boldText"></div><br />]]></Content><br /></Module><br /></pre><br />Can you see the problem? Unfortunately, this gadget contains a very common XSS vulnerability. If a user enters text into the input box which contains a <span style="font-family:'courier new';"><script></span> block, either deliberately or as a result of being tricked by an attacker, the script can take control of your gadget — for example, by redirecting them to a malware site. In this example, the gadget would be vulnerable because the gadget author assigns an unsanitized string to <span style="font-family:'courier new';">innerHTML</span> and thus possibly executes some scripts embedded in the string. However, because the gadget uses Caja, such errors in quoting and sanitization don't escalate into arbitrary script executions and your users will not be exploited.<br /><br />Caja also supports Flash through a Flash bridge. Read more about the <a href="http://code.google.com/p/google-caja/wiki/FlashBridge">FlashBridge</a> or try out the <a href="http://www.orkut.com/AppInfo?appId=276945877552">sample app</a>.<br /><br />We will be introducing a badge for gadgets that use Caja, so users can more easily find them. Caja gadgets will get a boost in the app-directory rankings. So get coding and building interesting apps!<br /><br />Caja in orkut is a work in progress and we will continue to incorporate your feedback to improve it. Read the Caja <a href="http://code.google.com/p/google-caja/wiki/GettingStarted">getting-started</a> guide or visit the <a href="http://code.google.com/p/google-caja/">Caja homepage</a> for more information.Prashant Tiwarihttp://www.blogger.com/profile/09150384823424583697noreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-34316209572723916322009-11-23T00:15:00.001-08:002009-11-23T00:22:20.652-08:00Sharing on orkut just got easier!<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_eEuHGVw5WLg/SwpFfy4rMqI/AAAAAAAAAAk/jdm-zBiDdv8/s1600/share.gif"></a><span class="byline-author">Posted by Srikanth Belwadi and Siddharth Naidu, orkut team</span><div><span class="byline-author"></span><br />As part of our continous efforts towards giving orkut users more ways to share interesting content with their friends, we are happy to announce the launch of the <a href="http://code.google.com/apis/orkut/docs/orkutshareapidoc.html">orkut Share API</a>. The API allows website owners to enable their visitors to share the content on their website, with visitors' friends on orkut.</div><div><br /></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><img src="http://1.bp.blogspot.com/_eEuHGVw5WLg/SwpFX7dtfYI/AAAAAAAAAAc/DmdJ-4SHU5A/s320/share+preview.bmp" border="0" alt="" id="BLOGGER_PHOTO_ID_5407210580013317506" style="float: left; margin-top: 0px; margin-right: 10px; margin-bottom: 10px; margin-left: 0px; cursor: pointer; width: 320px; height: 273px; " /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline; "><img src="http://3.bp.blogspot.com/_eEuHGVw5WLg/SwpFfy4rMqI/AAAAAAAAAAk/jdm-zBiDdv8/s320/share.gif" border="0" alt="" id="BLOGGER_PHOTO_ID_5407210715149447842" style="float: left; margin-top: 0px; margin-right: 10px; margin-bottom: 10px; margin-left: 0px; cursor: pointer; width: 76px; height: 22px; " /></span></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 238); -webkit-text-decorations-in-effect: underline; "><span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline; "><br /></span></span></div><div><br /></div><div><br /></div><div>Users can share the content and optionally promote it to make recommendations to their friends, which then appears in their activity updates. Every such shared item has the potential to spread virally and get wider attention from orkut users, increasing the traffic to the website.</div><div><br /></div><div>Web publishers can post orkut share buttons like the one above on their page using a simple JavaScript library. We also support the JavaScript and HTTP APIs for a more direct interaction of sharing-related UI actions with the server. These options combine to give web publishers, flexibility in the way sharing features are implemented. The user experience remains consistent and secure in each case. </div><div><br /></div><div>Some of our early access developers like <a href="http://addthis.com/">addthis.com</a>, have already started supporting orkut in their list of services. If your website has implemented sharing functionality using the 'addthis' button, you can simply configure orkut in the <a href="http://addthis.com/help/destinations">destination network list</a>. </div><div><br /></div><div>Details of orkut share API and sample code can be found <a href="http://code.google.com/apis/orkut/docs/orkutshareapidoc.html">here</a>. </div><div><br /></div><div>So spread the word, have fun sharing!</div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-4223567459993576922009-11-02T22:58:00.000-08:002009-11-03T02:54:22.927-08:00The new orkut - more for apps!<span class="byline-author">Posted by Ridhima Kedia and Shishir Birmiwal, Software Engineers</span><br /><br /><div> We just launched a faster, richer and more intuitive experience on the <a href="http://en.blog.orkut.com/2009/10/introducing-new-version-of-orkut-fun.html">new orkut</a>. You need an invite to see the new orkut - we will send out invites to developers this week. </div><div><br /></div><div>OpenSocial applications take center stage as part of this redesign. You can now customize your 'About me' section with OpenSocial apps and even make your favorite app the default view for 'About me'. When your friends visit your profile, your app will showcase your personality (whether your daredevil race car avatar or your smiley face today). Apps on profile view also move above the fold and have a larger area for display.</div><br /><div></div><div>Few tips to leverage the redesign - </div><br /><div>1. Currently we support a small profile view size of 540 x 280. With the redesign you have a wider profile view size of 660 x 225. As we roll out the new orkut, both these views will be supported. To take advantage of this, you can add another profile view using the view name profile660.</div><br /><div> </ModulePrefs><br /><Content type="html" view="profile660"><br /><![CDATA[<br /><h1>Profile view for the new orkut!</h1><br />]]><br /></Content></div><br /><div></div><div>For users with the new orkut, the new profile view will be used, while old users continue to see the old view. Currently the new orkut supports both views, but as the redesign rolls out fully, the new view (profile660) will be standard and the old view (profile) will be phased out.</div><br /><div></div><div>2. Build a profile view that allows users to showcase their personality. If your app is a game, let the users showcase their high scores in profile view. If your app promotes self expression, then let users pick the expression they want to showcase on profile view. </div><br /><div></div><div>The new orkut is a work in progress - we will continue to act on user feedback to improve it even more. OpenSocial apps are a key part of our strategy and you will see this reflecting in many parts of the new orkut going forward.</div><div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-18802263023923704842009-10-21T13:08:00.000-07:002010-04-13T02:39:14.316-07:00Announcing chat gadgets in the orkut sandbox<span style="font-size:small;"></span><div style="font-family:Verdana,sans-serif;"><span style="font-size:small;">Posted by Moishe Lettvin, Software Engineer</span><br /></div><br /><div style="font-family:Verdana,sans-serif;"><span style="font-size:small;">Today we're enabling "Chat Gadgets" in the orkut sandbox. This feature allows you to share gadgets with your friends and interact in real time in the gadget itself. The gadget will appear in a window in the lower-right corner of the screen, like a chat window. Gadgets in this container support the gadgets.sharedstate API</span><span style="font-size:small;"> which allows developers to share transmit data between gadgets running on different machines with low latency and with no server support necessary by the gadget author. We think this is a great place to use simple, transient gadgets -- the most obvious is casual two-player games but there are lots of other possibilities; for instance, one of the samples is a translation gadget.</span><br /></div><br /><div class="separator" style="clear: both; text-align: center;font-family:Verdana,sans-serif;"><span style="font-size:small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOT3UXfbNRQweYoBGHr_X_7e_BfqPdGlbGGv3WD9HkUJXKDPTSPZci3uCNToxpYmX0TGuVhPyr2aKmbokpOD5XyuPR6evzLHJWE3Wc5Vol3Ynwdv_jNm_9aUp4iRUEV9pvjrdUGodFatc/s1600-h/Podium+image.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOT3UXfbNRQweYoBGHr_X_7e_BfqPdGlbGGv3WD9HkUJXKDPTSPZci3uCNToxpYmX0TGuVhPyr2aKmbokpOD5XyuPR6evzLHJWE3Wc5Vol3Ynwdv_jNm_9aUp4iRUEV9pvjrdUGodFatc/s400/Podium+image.png" /></a></span><br /></div><br /><div style="font-family:Verdana,sans-serif;"><span style="font-size:small;">To use this feature, both accounts must be on the orkut sandbox. Under the "Video & More" menu in a chat window, select "Start Application" and you'll get a text box where you can type in the URL of a gadget to send, as well as a list of gadgets you've recently sent or received. When you select a gadget to send, your friend will see a verification message, and when they accept, you'll both see the gadgets in new popup windows in the lower-right of your screen.</span><br /></div><div style="font-family:Verdana,sans-serif;"><br /></div><div style="font-family:Verdana,sans-serif;"><span style="font-size:small;">We plan to open this feature up to users on production orkut early in 2010 but wanted to give our developers a sneak peek and a chance to start writing gadgets now.</span><br /></div><div face="Verdana,sans-serif"><br /></div><div face="Verdana,sans-serif"><span style="font-size:small;">See <a href="http://code.google.com/apis/orkut/docs/orkutrtg.html">here</a></span><span style="font-size:small;"> for documentation and examples about the gadgets.sharedstate feature.</span><br /></div><div face="Verdana,sans-serif"><br /></div><div style="font-family: Verdana,sans-serif;"><span style="font-size:small;">We will strictly enforce the use of <a href="http://code.google.com/p/google-caja/">Caja</a></span><span style="font-size:small;"> for the production release of this feature. We don't enforce Caja for Chat Gadgets running in the orkut sandbox, but we recommend you add the <require feature="caja"> line to your gadget ModulePrefs to ensure that your gadget works with Caja.</require></span><br /></div><div style="font-family: Verdana,sans-serif;"><br /></div><div style="font-family: Verdana,sans-serif;"><span style="font-size:small;"><require feature="caja">If you have questions or comments about the API or plans for this feature please ask them on the <a href="http://groups.google.com/group/opensocial-orkut">orkut developer forum</a>.<br /></require></span><br /></div><div style="font-family: Verdana,sans-serif;"><span style="font-size:small;"><b>Update (04/12/2010):</b> Our team decided to stop working on the gadgets.sharedstate API. The sandbox and the test harness will be shut down soon. Thanks for giving it a try.</span><br /></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-85080260182686762422009-06-23T20:11:00.000-07:002009-06-24T01:12:33.708-07:00App URL migration tool available<span class="byline-author">Posted by Shishir Birmiwal, Software Engineer</span><br /><br />We're glad to announce the availability of the app URL migration tool. There are instances when you need to change the URL for your app XML file - this tool will help you do this without affecting existing users of your app. <div><br /></div><div>In order to use the tool, here are some requirements - </div><div>1. You must have claimed ownership of the existing app. </div><div> To claim ownership of an app, visit http://www.google.com/gadgets/directory/verify </div><div>2. You be logged in with the account with which you claimed ownership. </div><div>3. The existing app must be a featured app on Orkut. </div><div>4. The new application URL must NOT have been used as an app on ANY google container -- including orkut, iGoogle, etc. </div><div> Note: This is very important, otherwise the migrate request will fail. It is recommended that you create an absolutely new and unique URL when migrating. Unfortunately, this also means that you cannot test the new app URL on sandbox before issuing a migrate request. </div><div><br /></div><div>Steps to use the tool -</div><div>1. Visit http://sandbox.orkut.com/AppUrlMigrate.aspx </div><div>2. Type in your existing app url and the new URL to migrate to. </div><div>3. Check the exisiting and new app URLs. (see attached screen shot) </div><div>4. Double check - (you really don't want a typo in the new URL). </div><div>5. Hit the submit button. </div><div>6. A migration confirmation message will appear. </div><div>7. The migration changes will propagate through caches and will be live in 24 hours. </div>Caution: If you use the same existing app URL on any other google property, this migration request will have an effect on the other property.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-46169949250156880662009-05-25T00:44:00.000-07:002009-05-25T00:49:51.541-07:00Announcing view parameters from OS templates<span class="byline-author">Posted by Apurv Gupta, Software Engineer</span><br /><br />We're glad to announce support for view parameters in osx:NavigateToApp. Using view parameters you can customize your canvas page view based on what the user clicked on the profile view.<br /><br />Here's how you can use view parameters from OS templates in profile view.<br /><osx:NavigateToApp params="{a:b}">Goto Canvas</osx:NavigateToApp><br /><br />You can get the view params in canvas page as before.<br />var prefs = gadgets.views.getParams();<br /> if (prefs['a'] = 'b') {....<br /><br />This is currently available on sandbox.orkut.com and will be available on orkut.com in a few weeks. Since this is an important feature, we are extending the deadline for existing apps on profile view to make the switch to templates to 15th June, 2009. After that date, all apps not using templates will be removed from profile view.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-29830322806353566372009-05-01T06:34:00.000-07:002009-05-01T06:47:26.525-07:00Profile views are back!<span class="byline-author">Posted by Rahul Kulkarni, Product Manager</span><br /><br /><div>We're happy to announce that applications that use server-side <a href="http://orkutdeveloper.blogspot.com/2009/03/using-templates-and-data-pipelining-for.html">templates and data pipelining</a> now show up in the profile view on orkut. Data pipelining allows you to specify the data that you want to use in your application, while templates let you describe how to render the app. If you haven't already, you can get started creating your profile views with templates and data pipelining using this <a href="http://wiki.opensocial.org/index.php?title=Building_a_simple_app_using_OpenSocial_Templates">tutorial</a>. </div><div><br /></div><div>As you may remember, we had temporarily <a href="http://orkutdeveloper.blogspot.com/2009/02/opensocial-applications-on-orkut.html">disabled</a> profile views for OpenSocial applications on orkut to help prevent the phishing attacks occurring in a small subset of applications. The addition of template values, which are HTML-escaped by design, will help reduce applications' vulnerability to issues like XSS moving forward. Enabling data pipelining and templates also reduces the number of round trips between orkut and your server, making your application render faster.</div><div><br /></div><div>For all of you with applications that currently show up in profile view without templates, you'll have until May 31st to make the switch. After that date, all apps not using templates will be removed from profile view.</div><div><br /></div><div>We know that it's not easy to make changes to your applications and would like to thank you for the patience and support that you've shown. We're confident that these changes will improve the apps experience for orkut users.</div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-27798046756191046752009-04-06T22:03:00.000-07:002009-04-06T22:13:00.008-07:00Server protocol signing changes<span class="byline-author">Posted by Vijaya Machavolu, orkut team</span><br /><br />For developers using the REST and RPC endpoints to access the social data on orkut, we'd like to announce the following alterations we've made to the underlying implementation:<br /><ul><li>We now require the content-type header of the requests to be application/json instead of application/x-www-form-urlencoded </li></ul><ul><li>We have added a new method for signing the request using body hashes.</li></ul>For more details, please see the <a title="post on the opensocial blog" href="http://blog.opensocial.org/2009/04/important-oauth-signing-changes-coming.html" id="uez5">post on the OpenSocial blog</a><a href="http://blog.opensocial.org/2009/04/important-oauth-signing-changes-coming.html">.</a><br /><br />As always, if you have any questions or just want to chat about the platform, the <a href="http://groups.google.com/group/opensocial-orkut/topics" target="_blank">developer forum</a> is always available.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-38716024332150700332009-03-06T02:48:00.000-08:002009-03-06T03:00:37.425-08:00Using templates and data pipelining for app profile view<span class="byline-author">Posted by Vijaya Machavolu, orkut team</span><br /><br /><div> We're excited to <a href="http://opensocialapis.blogspot.com/2009/03/test-drive-data-pipelining-and.html" id="lln2" title="announce">announce</a> the availability of server-side OS templates and data pipelining on the orkut sandbox. Data pipelining allows you to specify the data you want to use in your app, while templates let you describe how to render the app - all using a markup language (that's right, no JavaScript!). Using data pipelining and templates will reduce the number of round trips between the container and your server, making your app render faster. Moreover, template values are HTML-escaped thus plugging many XSS vulnerabilities automatically. </div> <div> <br /> </div> <div> Since the profile view of an app doesn't require interactivity, server-side OS templates and data pipelining are a good fit for this view. We will soon be rendering apps that use these templates in the profile page. Our goal is to eventually allow only server-side OS templates in the profile view and at that point, all other active content including JavaScript and Flash will be stripped out when displaying the profile view of an app. We are confident that by leveraging these features, you will generate more usage for your apps, with reduced latency and make them safer for users.<br /> <br /></div> <div> <div> </div> </div> <div> <div style="margin-top: 0px; margin-bottom: 0px;"> <div style="margin-top: 0px; margin-bottom: 0px;">These new features are currently available on the orkut sandbox, so you can start developing with them today. For more information (including examples), please see the <a href="http://wiki.opensocial.org/index.php?title=OpenSocial_Templates_Developer%27s_Guide" id="n_mu" style="color: rgb(85, 26, 139);" title="OpenSocial templates developer's guide">OpenSocial Templates Developer's Guide</a> , the <a href="http://wiki.opensocial.org/index.php?title=OpenSocial_Templates" id="okwf" style="color: rgb(85, 26, 139);" title="OpenSocial Templates Tutorial">OpenSocial Templates tutorial</a> and the <a href="http://wiki.opensocial.org/index.php?title=Data_Pipelining" id="tdqb" style="color: rgb(85, 26, 139);" title="Data Pipelining Tutorial">Data Pipelining tutorial</a>. We know that OS templates are currently missing some capabilities that are required to build good profile views. At the top of our list are support for os:NavigateToView and ability to interpret JSON appdata. We'll be adding them soon. </div> <div style="margin-top: 0px; margin-bottom: 0px;"> <br /> </div> </div> </div> <div> Do check them out and give us your feedback.<br /> </div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-53924920588648532892009-02-10T10:55:00.000-08:002009-02-10T11:00:06.101-08:00Get the picture!<span class="byline-author">Posted by Jason Cooper, orkut team</span><br /><br />Late last week, we added API support for fetching albums and photos via apps running in the sandbox. Now your applications can request and display the viewer's public albums, enabling you to create an even richer, personalized experience for users.<br /><br />To help you get started, we have published a <a href="http://code.google.com/apis/orkut/articles/albums/">tutorial</a> which describes the new API calls available and how to use them. An <a href="http://wiki.opensocial.org/index.php?title=Albums_API_Reference_(v0.9)">API reference</a> is also available on the OpenSocial wiki.<br /><br />Since the Albums API is only available on the sandbox for now, please hold off on submitting your apps to the directory if they depend on this API. We will publish a new post when the Albums API is generally available.<br /><br />Learn more about how Google is using OpenSocial and other technologies to make the web social at <a href="http://code.google.com/events/io/">Google I/O</a>, Google's annual developer conference, coming up in May. Early registration is now open.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-22804313704295552792009-02-05T17:01:00.000-08:002009-02-05T17:32:03.175-08:00OpenSocial Applications on orkut profilesPosted by Vijaya Machavolu, orkut team<br /><br />The orkut team is aware that a small subset of OpenSocial applications are being used to spread phishing attacks to orkut users. In order to ensure that we maintain our rigorous security standards, we have temporarily removed all applications from users' profile pages.<br /><br />The functionality of these applications will not be affected. We're working on bringing these applications back to users' profile pages as quickly as possible, and applications will begin to reappear as this process continues.<br /><br />Users can still access applications from the left nav bar and open them in canvas view. Applications will also continue to have access to the same API, allowing them to send messages and post updates to activity streams. We have found these to be the main drivers of application usage and believe that applications should continue to enjoy the same popularity.<br /><br />This is the first step we're taking to help make applications safer and faster for our users. We'll be sure to keep you posted about these changes, so please stay tuned for updates. To learn more about building safe applications for orkut, please check out <a href="http://orkutdeveloper.blogspot.com/2009/01/building-safe-orkut-apps.html">this blog post</a> or visit the <a href="http://groups.google.com/group/opensocial-orkut/topics?pli=1">developer forum</a>.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-15363218794839580492009-01-28T00:22:00.000-08:002009-01-28T00:46:44.151-08:00Platform Updates<span class="byline-author">Posted by Vijaya Machavolu, orkut team</span><br /><br />Here are some updates from the past week :<br /><br />An orkut user's political views field (opensocial.Person.Field.<div id=":213" class="ArwC7c ckChnd"><wbr>POLITICAL_VIEWS) will no longer be returned as a part of the Person data in the OpenSocial APIs. We have removed this field because of the classification of political views as sensitive information in some jurisdictions.<br /><br />The REST and RPC support which was originally<a href="http://orkutdeveloper.blogspot.com/2008/12/rest-and-rpc-protocols-available-on.html" target="_blank"> introduced on the sandbox </a>is now available in production on <a href="http://www.orkut.com/" target="_blank">www.orkut.com</a>. Now you can make REST calls to orkut using the endpoint : <a href="http://www.orkut.com/social/rest/" target="_blank">http://www.orkut.com/social/<wbr>rest/</a> and RPC calls using the endpoint: <a href="http://www.orkut.com/social/rpc/" target="_blank">http://www.orkut.com/social/<wbr>rpc/</a><br /><br />Please see the <a href="http://code.google.com/apis/orkut/docs/rest/developers_guide_protocol.html" target="_blank">orkut Server to Server developers' guide</a><a href="http://code.google.com/apis/orkut/docs/rest/developers_guide_protocol.html"> </a>for details on using REST to retrieve orkut data from an external server.</div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-5308978752859752022009-01-26T11:43:00.000-08:002009-01-26T12:04:33.051-08:00J2Play– helping to make your applications more socialWe're constantly looking for ways to help you create the best applications for orkut users. The success of OpenSocial applications on the orkut platform is often tied to how social they are. Recently, we were contacted by the folks at J2Play about a tool they are offering that's designed to add social elements to your apps. While we don't specifically endorse the tools that we highlight here in the blog, we thought enough of you might be interested in this resource that it would be worth sharing. Check it out:<br /><br /><span style="font-weight: bold;">J2Play's Social Games Platform</span><br /><br />J2Play's Social Games Platform helps flash and PC game developers quickly and easily add social features to their games. Here are some highlights of the platform:<br /><br /><ul><li> Over seven simple social features (including chat, profiles, and comments) that you can add to your app without having to worry about any additional coding</li><li>Ability for your app to automatically generate feeds, notifications, invites, and a profile box</li><li>Membership in the J2Play social games network, designed to help your app spread virally</li><li>More than five engagement features including leaderboards, player badges, challenges, multi-player mode, and the ability to earn money via ad revenue<br /></li></ul><br />FancyPants Adventure is just one example of a game that used the J2Play platform to add features like leaderboards and player badges in order to become more social and in turn create a richer and more engaging experience for its users. Check out a screenshot to see these additions in action:<br /><br /><div style="text-align: center;"><a href="http://apps.new.facebook.com/fpaworldtwo/" style="border-bottom: 1px solid rgb(207, 226, 229); text-decoration: none; color: rgb(66, 99, 171);" target="_blank"><img alt="" src="http://j2play.files.wordpress.com/2008/11/fpss4.png?w=475&h=346" style="border-style: none; border-width: 0px; margin: 0px; padding: 0px;" title="fpss4" height="346" width="475" /></a><br /></div><br />To learn more about J2Play, take a look at the <a href="http://developer.j2play.net/wiki/index.php/J2Play_Developer_Site">developer wiki</a> they've created. You can also feel free to contact the folks at J2Play with any additional questions you might have at: <a href="developer@j2play.net">developer@j2play.net</a>.<br /><br />Do you have tools, tips or tricks that you think other developers could benefit from? If so, please feel free to let us know.<br /><br />Hope you found this post informative, and we're looking forward to seeing your apps become even more social!<br /><br />Posted by Miles Johnson, Marketing Manager.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-54044142061031257832009-01-20T18:46:00.000-08:002009-01-20T18:50:27.885-08:00Building safe orkut apps<span class="byline-author">Posted by Vijaya Machavolu, orkut team</span><br /><br />Late last month, we added an <a href="http://code.google.com/apis/orkut/articles/applifecycle/applifecycle-0.8.html">article</a> describing the lifecycle stages of a typical orkut application. Among other things, this article includes an elaborate section which details the process of <a href="http://code.google.com/apis/orkut/articles/applifecycle/applifecycle-0.8.html#testing">testing applications</a> before submitting them to the directory. This section identifies several common mistakes and how to avoid them.<br /><br />In particular, applications are often cited for not escaping user-submitted data, which typically results in XSS vulnerabilities. These vulnerabilities allow malicious users to effectively hijack your application, redirecting your users to phishing sites or worse. Be sure to read the section titled "<a href="http://code.google.com/apis/orkut/articles/applifecycle/applifecycle-0.8.html#xss">Identifying and plugging security vulnerabilities</a>" before submitting your apps. Addressing these security holes in your apps should prevent any unwanted attacks from malicious users. It should also avoid interruption of service of your app since apps with such vulnerabilities will be removed from the directory immediately.<br /><br />As always, if you find any issues or just want to chat about the platform, the <a href="http://groups.google.com/group/opensocial-orkut/topics">developer forum</a> is always available. <a href="http://orkutdeveloper.blogspot.com/2008/06/introducing-formal-irc-office-hours.html">IRC office hours</a> are scheduled every week as well, so stop on by!Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-22170047839302311052008-12-19T15:48:00.000-08:002008-12-19T17:47:57.921-08:00REST and RPC protocols available on the sandbox<span class="byline-author">Posted by Jason Cooper, orkut team</span><br /><br />Since the orkut application platform's April rollout, developers have been able to build applications on top of orkut user data using the OpenSocial JavaScript API. Version 0.8 of the OpenSocial specification added <a href="http://www.opensocial.org/Technical-Resources/opensocial-spec-v081/restful-protocol">REST</a> and <a href="http://www.opensocial.org/Technical-Resources/opensocial-spec-v081/rpc-protocol">RPC</a> protocols, which enable developers to build applications that interact with OpenSocial containers over HTTP.<br /><br />Today, I'm pleased to announce the availability of REST and RPC protocols in the <a href="http://sandbox.orkut.com">orkut sandbox</a>. Currently, these APIs can fetch profile information and app data as well as update app data, and more features are planned.<br /><br />(Note: The REST and RPC protocols allow for the same operations, but the RPC protocol supports submitting multiple data requests in one container request, similar to the existing JavaScript API, which results in faster and more efficient applications.)<br /><br />All REST and RPC requests must be digitally signed by the issuer, which allows orkut to verify that they are coming from a trusted application. Generating these signatures requires a secret key, which is known only to you and orkut. You can request a secret key by submitting a gadget URL to <a href="https://www.google.com/gadgets/directory/verify">https://www.google.com/gadgets/directory/verify</a> and verifying ownership of this gadget. More information on this process and authentication in general is available in the new <a href="http://code.google.com/apis/orkut/docs/rest/developers_guide_protocol.html">REST Protocol Developer's Guide</a>.<br /><br />Last but not least, a set of client libraries have been made available for <a href="http://code.google.com/p/opensocial-php-client/">PHP</a>, <a href="http://code.google.com/p/opensocial-java-client/">Java</a>, <a href="http://code.google.com/p/opensocial-ruby-client/">Ruby</a>, and <a href="http://code.google.com/p/opensocial-python-client/">Python</a> to simplify development using these new protocols. The libraries provide a convenient wrapper for the underlying low-level APIs and abstract away the tedious tasks of constructing the request URL, signing the request, and parsing the returned data. For more on these libraries, please see the <a href="http://opensocialapis.blogspot.com/2008/12/opensocial-now-friends-with-php-java.html">official announcement</a> on the OpenSocial API blog.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-22957988337182348162008-11-14T17:37:00.000-08:002008-11-14T17:41:59.577-08:00Announcing v0.8 JavaScript support on production<span class="byline-author">Posted by Jason Cooper, orkut team</span><br /><br />v0.8 of the OpenSocial JavaScript API is now live on <a href="http://www.orkut.com">www.orkut.com</a>. Apps built with the newest version of the API will now be accepted into the directory for all orkut users to install and use.<br /><br />Originally pushed to the sandbox <a href="http://orkutdeveloper.blogspot.com/2008/09/posted-by-jason-cooper-orkut-team-three.html">in September</a>, this initial release of the updated API includes support for the latest request syntax (e.g. the opensocial.IdSpec object), but other features such as lifecycle events and extended network distance are not yet available.<br /><br />Please see the <a href="http://code.google.com/apis/orkut/docs/orkutdevguide.html">updated Developer's Guide</a> and <a href="http://code.google.com/apis/opensocial/articles/">article list</a> for more on developing using v0.8 and post any questions and bug sightings to the <a href="http://groups.google.com/group/opensocial-orkut/">Developer Forum</a> and <a href="http://code.google.com/p/opensocial-resources/wiki/IssuesTab?tm=3">issue tracker</a> respectively.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-79187923383126008962008-11-07T21:57:00.000-08:002008-11-07T21:58:43.854-08:00Sandbox update<span class="byline-author">Posted by Jason Cooper, orkut team</span><br /><br />There were no sandbox updates this week. Stay tuned for more news next week.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-31851143943039021452008-10-31T18:03:00.000-07:002008-10-31T18:04:58.663-07:00Sandbox update<span class="byline-author">Posted by Jason Cooper, orkut team</span><br /><br />This week, we closed <a href="http://code.google.com/p/opensocial-resources/issues/detail?id=365">issue 365</a>. Applications with multiple <code>Optional</code> elements no longer trigger errors on install.<br /><br />In other news, the <a href="http://code.google.com/apis/orkut/docs/orkutdevguide.html">orkut Developer Guide</a> was updated this week for v0.8 of the OpenSocial JavaScript API which is currently available in the sandbox. In addition to up-to-date code samples, the revised guide also includes a new section on application "chrome" and expands on steps to disable caching as well as orkut's application activity/update policy.<br /><br />Enjoy!Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-70726786303627192762008-10-25T01:08:00.000-07:002008-10-25T01:12:18.762-07:00Sandbox update<span class="byline-author">Posted by Jason Cooper, orkut team</span><br /><br />This past week saw one notable bug fix relating to character encoding in Internet Explorer. Specifically, applications depending on message bundles with accented characters from the UTF-8 set were being replaced with question marks when rendered in Internet Explorer 6 and 7. A fix was pushed to both production and the sandbox on Wednesday.<br /><br />That rounds out the sandbox news for the week. As always, please drop by the <a href="http://groups.google.com/group/opensocial-orkut/">Developer Forum</a> to chat about the platform. An <a href="http://code.google.com/p/opensocial-resources/wiki/IssuesTab?tm=3">issue tracker</a> is also available for reporting any new bugs you happen to find.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-68670179259072405512008-10-17T18:23:00.000-07:002008-10-17T18:29:01.586-07:00Sandbox update<span class="byline-author">Posted by Jason Cooper, orkut team</span><br /><br />There were a number of notable sandbox updates this past week:<ul><li>The bug behind <a href="http://code.google.com/p/opensocial-resources/issues/detail?id=352">issue 352</a> has been resolved. Flash-based orkut applications now work with the Flash 10 plugin released earlier in the week.</li><li>Requests for PROFILE_URL are now returning the absolute path of the profile in line with the behavior in production orkut. This fix resolves two separate issues, one where the PROFILE_URL was returning a relative profile path and, more recently, undefined.</li><li><a href="http://orkutdeveloper.blogspot.com/2008/05/new-users-and-new-interactions.html">opensocial.requestSendMessage</a> is now functioning correctly. Previously, no message dialog was appearing when the method was invoked in the sandbox.</li></ul>If you find any more issues or just want to chat about the platform, the <a href="http://groups.google.com/group/opensocial-orkut/">Developer Forum</a> is always available. <a href="http://orkutdeveloper.blogspot.com/2008/06/introducing-formal-irc-office-hours.html">IRC office hours</a> are scheduled every week as well, so stop on by!Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-62840183968830918942008-10-10T22:39:00.000-07:002008-10-10T22:46:31.170-07:00Sandbox update<span class="byline-author">Posted by Jason Cooper, orkut team</span><br /><br />This week's sandbox push fixed a couple of issues, namely:<br /><ul><li>v0.7 applications running in the sandbox profile view are now loading when v0.8 apps are also installed. Previously, this triggered an "opensocial.DataRequest.PersonId is not defined" error which prevented v0.7 apps from using the OWNER and VIEWER constants.</li><li>Applications no longer have to be refreshed one or more times before owner and viewer data is available in the sandbox—OWNER and VIEWER data is now available immediately after adding the app.</li></ul>As always, please stop by the <a href="http://groups.google.com/group/opensocial-orkut/topics?gvc=2">orkut Developer Forum</a> with any questions and feedback. And feel free to stop by the OpenSocial IRC channel (irc://irc.freenode.net/opensocial) during our <a href="http://orkutdeveloper.blogspot.com/2008/06/introducing-formal-irc-office-hours.html">office hour block</a> on Tuesdays and Thursdays to chat with the team.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-86146053256118638712008-10-03T22:29:00.000-07:002008-10-03T22:35:40.338-07:00Sandbox update<span class="byline-author">Posted by Jason Cooper, orkut team</span><br /><br />Sandbox update<br /><br />There were no sandbox updates this week, but several changes are in the pipeline for next week, so stay tuned!Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-28285576019462595322008-09-26T13:57:00.000-07:002008-09-26T15:12:08.289-07:00Sandbox update<span class="byline-author">Posted by Lane LiaBraaten, orkut team</span><br /><br />The bug that was preventing your apps from writing to the app data store (<a href="http://code.google.com/p/opensocial-resources/issues/detail?id=336">Issue 336</a>) has now been fixed, so your newUpdatePersonAppDataRequests on the sandbox will work again.<br /><br />We've also updated the request prefetcher to work with v0.8 requests. To get the most benefit from the prefetcher, be sure to batch all your requests into a single DataRequest object. You can find more info on the prefetcher in <a href="http://code.google.com/apis/orkut/articles/latency.html#prefetch">this article</a>.<br /><br />Note that both these changes affect the opensocial-0.8.js file, so you may need to refresh the version of this file that is cached by your browser. You can find the exact URL of this file in Firebug's 'Net' tab when you load your app.Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8869606213361684992.post-68122063727788426792008-09-18T19:29:00.000-07:002008-09-18T19:31:26.080-07:00Sandbox update<span class="byline-author">Posted by Lane LiaBraaten, orkut team</span><br /><br />This week we fixed <a href="http://code.google.com/p/opensocial-resources/issues/detail?id=168">issue 168</a> so that opensocial_viewer_id is not included in makeRequest calls if the viewer doesn't have the app installed.<br /><br />We've also enabled self-service signups on the orkut sandbox. New developers can now go to <a href="http://sandbox.orkut.com/SandboxSignup.aspx">http://sandbox.orkut.com/SandboxSignup.aspx</a> to sign up for the sandbox and start building apps right away.Unknownnoreply@blogger.com