Click here to Skip to main content
15,356,705 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Let me ask you an abstract question.
When I post a comment on YouTube, it works with ajax. If you look at the network, you will see a lot of data. What does all of that mean? In addition, the form, submit, and input type hidden to contain these elements are not visible. Is there another way to send these elements to the server without a form element? I see this as a security technique on YouTube.
Thanks for your time..

What I have tried:

{"context":{"client":{"hl":"ko","gl":"KR","remoteHost":"49.168.173.195","deviceMake":"","deviceModel":"","visitorData":"Cgt6M0ljaFJRNUd2QSia9NCSBg%3D%3D","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36,gzip(gfe)","clientName":"WEB","clientVersion":"2.20220406.09.00","osName":"Windows","osVersion":"10.0","originalUrl":"https://www.youtube.com/","platform":"DESKTOP","clientFormFactor":"UNKNOWN_FORM_FACTOR","configInfo":{"appInstallData":"CJr00JIGEPCCrgUQmOqtBRDD8q0FELfLrQUQ1IOuBRDmh64FENi-rQUQkfj8Eg%3D%3D"},"timeZone":"Asia/Seoul","browserName":"Chrome","browserVersion":"100.0.4896.75","screenWidthPoints":1859,"screenHeightPoints":549,"screenPixelDensity":1,"screenDensityFloat":1,"utcOffsetMinutes":540,"userInterfaceTheme":"USER_INTERFACE_THEME_LIGHT","connectionType":"CONN_CELLULAR_4G","memoryTotalKbytes":"8000000","mainAppWebInfo":{"graftUrl":"https://www.youtube.com/watch?v=bZdG-GF9-q4","pwaInstallabilityStatus":"PWA_INSTALLABILITY_STATUS_UNKNOWN","webDisplayMode":"WEB_DISPLAY_MODE_BROWSER","isWebNativeShareAvailable":true}},"user":{"lockedSafetyMode":false},"request":{"useSsl":true,"internalExperimentFlags":[],"consistencyTokenJars":[]},"clientScreenNonce":"MC4yMTg3ODE5MTQyMDA2MjQy","clickTracking":{"clickTrackingParams":"CN8BEPBbIhMI5unfup6M9wIVzUr1BR36gAXj"},"adSignalsInfo":{"params":[{"key":"dt","value":"1649687072164"},{"key":"flash","value":"0"},{"key":"frm","value":"0"},{"key":"u_tz","value":"540"},{"key":"u_his","value":"8"},{"key":"u_h","value":"1080"},{"key":"u_w","value":"1920"},{"key":"u_ah","value":"1050"},{"key":"u_aw","value":"1920"},{"key":"u_cd","value":"24"},{"key":"bc","value":"31"},{"key":"bih","value":"549"},{"key":"biw","value":"1843"},{"key":"brdim","value":"10,5,10,5,1920,0,1875,1030,1859,549"},{"key":"vis","value":"1"},{"key":"wgl","value":"true"},{"key":"ca_type","value":"image"}]}},"createCommentParams":"EgtiWmRHLUdGOS1xNCoCCABQBw%3D%3D","commentText":"hello"}
Posted
Updated 11-Apr-22 5:44am
v2

1 solution

A lot of the data that you're seeing there will be internal information which is useful to YouTube (for example, pwaInstallabilityStatus indicates whether the device can install the site as a PWA), and chances are most of it is going to be meaningless to you. Some of the data may also be verification (such as CSRF token) to make sure the request is coming from a reliable source. We're not really meant to know what it means, though some of it you can work out yourself.

As for not using a form element, that's because that content has been encoded to JSON. What YouTube has probably done is used Javascript to pull in the comment text, then formulated a JSON request for the server-side. This is a very common practise in web development, with the advent of single-page applications it's become more of a common practise to use JSON/REST for frontend/backend communication.

In Javascript it's extremely easy to produce a request like that:

JavaScript
const object = {
  name: "Joe Bloggs",
  age: 198,
  occupation: "Abstract Being"
};

const payload = JSON.stringify(object);
console.log(payload);

// {
//   "name": "Joe Bloggs",
//   "age": 198,
//   "occupation": "Abstract Being"
// }


A page which might provide some more information on JSON requests: Using the Fetch API - Web APIs | MDN[^]
   
v2
Comments
Chopin2001 11-Apr-22 12:37pm
   
I don't think there is a better answer. My doubts have been cleared. thank you.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900