Saturday, July 09, 2011


jQuery and Samsung Smart TV

Some Background
Samsung's Smart TV environment supports apps built using web technologies (html/css/javascript). It also has a proprietary browser based on Gecko called Maple.
The nice thing is that the browser supports cross site scripting (XSS) so you can easily pull data from any web service into your Samsung app running on a TV.

jQuery, Well Mostly
Samsung were also nice enough to include jQuery as a pre-installed library within the environment. Some slightly wierd syntax triggers a script to be loaded from the app's runtime environment rather than the app's own files:
<script type='text/javascript' src='$MANAGER_WIDGET/Common/jquery.js'></script>
This is all well and good, but it turns out that this version of jQuery, 1.4.2, is a little out-of-date.  If you want to take advantage of bug fixes and performance improvements a later version of jQuery should be used.
This was great, except that when I started using jQuery 1.7.1, all my $.ajax calls stopped working - in fact they were throwing a cryptic error with jqXHR.status = 0.

XSS Pitfalls and Rescues
Because XSS is supported by Samsung's embedded browser, it too me a while to identify that this was the source of the problem.  However in this case jQuery was the culprit rather that browser security.
It turns out that as of jQuery 1.5, jQuery's ajax module itself blocks XSS, irrespective of what the browser supports.
Luckily the solution is simple.  Just add the following to be called when the app loads:
 $.support.cors = true;