1 Reply Latest reply on Oct 7, 2013 9:40 AM by eelsasser

    Remove Facebook Message Button

    ctsean

      Hello all - I have a locked down policy for Facebook that is restricting chat (among other things).  Unfortunately my users have figured out a work around.  If the user is logged in the "Message" button appears in the top section of the corporate profile page.  If the user clicks on it, it comes up with a defaulted recipient for the corporate profile (see screenshot).  The users have figured out that they can delete that recipient, and then type in anyone from their friends list.  If that user answers the message it creates a chat via messages session and bypasses the chat blocking controls.

       

      The Message applet this button is calling is "*.facebook.com/ajax/messaging/composer.php*".  I have blocked that link for now as a tactical solution.  My question is, does anyone have a current policy that removes the "Message" button altogether?  I would prefer if they didn't see the button versus issuing another block.  I have tried to block it by looking and restricting various HTML sections within the page, but have been unsuccessful. 

       

      I am currently running 7.2.0.2.

       

      FB-Message-Button.JPG

       

      FB-Message-Window.JPG

       

       

      Any insight would be appreciated.

      Thank you,

      -Sean

        • 1. Re: Remove Facebook Message Button

          Hi Sean,

          You would think it would be easy just to remove the html <div> element from the page as it's loading in.

          Capture.png

           

           

           

          The challenge is that the element is not static HTML from the incoming page. It is generated dynamically from the javascript after the page loads and fills out those those items dynamically by manipulating the DOM directly.

           

          We _could_ go in and start looking for the javascript objects themselves and modifying them, but that's a lot of work.

           

          The easiest thing for you to do is what you are currently. Block the POST to the composer.php, and also:

          /ajax/mercury/send_messages.php

          This will prevent the message from getting sent if they do manage to get intot he composer through another means.