FBML 1.1
by Charlie Cheever - August 14, 2007 at 9:30pm

Today we are making a change that has to do with both technology and the philosophy behind the Facebook Platform.

One of the key parts of the success of the design of the Facebook profile is that the user is always aware of exactly what their profile looks like to their friends who stop by to view their profile. This enables users to understand exactly how they are expressing themselves to others by simply deciding whether or not they like an application's profile box and the content that the developer has decided to put into the box.

Right now, we have made a few FBML tags available that are causing users to not trust the content in the profile box. Tags such as: fb:if-user-has-added-app, and other fb-if tags. These tags are currently being used to deliver content to profile boxes which users are unaware of. Content such as big yellow boxes which say "ADD THIS APPLICATION!" or "ADD SOME OTHER APPLICATION!".

Starting today, these tags will no longer be available for use in profile boxes. We will be migrating FBML to version 1.1, and adding a new set of tags called fb:visible-to-. They are:

fb:visible-to-owner
fb:visible-to-friends
fb:visiible-to-user
fb:visible-to-added-app-users
fb:visible-to-app-users

As a side note, you can add a bgcolor attribute to any of these tags, but they must use solid colors from this list:
http://www.w3schools.com/css/css_colornames.asp

The semantics of these tags are a little tricky, so please read this section carefully.

Everything inside an fb:visible-to- tag is always rendered for every user that views it and is enclosed in a span. If the viewing user is in the set of users that the content should be visible to, then the span will be: <span> style="visibility: visible;"> ... </span>. Otherwise, the span will be: <span style="visibility: hidden;"> ... </span>

Additionally, the profile owner is always in the set of users that the content is visible to. So, the result of this is that the profile owner should always see all of the content that could show up on his/her profile to any viewer. This means that profile owners will always know about advertisements or other more malicious things ("Pictures of Alice that She Doesn't Want You To See", etc.)

An example of where using an fb:visible-to- tag would make a lot of sense to use would be on a wall-like app where the profile owner needs to be able to delete any post on a wall, and individual posts should generally be deleteable by the person who made them. This could be accomplished by putting the delete links inside a tag like <fb:visible-to-user uid="{person who wrote the wall post}">.

Consequently, it will no longer be possible to use the profile boxes as a place where you can securely distribute private information to anyone including the profile owner. This is because all content is always being sent to the browser -- some of it will be made invisible using CSS, but that content is still accessible to anyone who views the source of the page. If you have content that you want to keep private to only some users, then you will need to move that content to a canvas page.

Note that the following tags are NOT considered fb:if- tags and will still be allowed in profile boxes:

fb:narrow
fb:wide
fb:user

It is important to remember, you should almost always distribute the exact same content to the profile box that you would want both the user and their friends to see. This makes it easy for the user to understand what the profile box, and the content inside the box, looks like to everyone stopping by. The profile box is for expressing, on behalf of the user, what their interactions are inside your application. A good way to think about this, is Facebook Photos. Though it is now one of the largest photo applications on the internet, the profile box simply shows the two most recently updated photo albums. Or, essentially the last few interactions of the user inside the canvas pages.

Migration Plan
FBML 1.1 is available now. Start by wrapping your FBML in an fb:fbml tag like this: <fb:fbml version="1.1">My FBML 1.1 content goes here</fb:fbml>
- For 10 days, the default version of FBML will continue to be 1.0 (the current version). Anything published that isn't explicitly tagged with a version will be considered to be FBML 1.0.
- After 10 days, you will no longer be able to use FBML 1.0, and the default FBML version will be bumped to 1.1.
- At this point, even though canvas pages and new things published won't be able to use FBML 1.0, things published in the past using FBML 1.0 (either explicitly or implied) will continue to be rendered as FBML 1.0.