adding javascript to wordpress
-
Hi. I want to include a javascript like this:
<SCRIPT TYPE=”text/javascript” LANGUAGE=”Javascript” text_of_the_script”></SCRIPT>I want to know how can i do that. Including in html code that label, it doesn´t work.
Any kind of help?
Regards
-
It will never work. Javascript is not allowed in WordPress.com blogs for security reasons. You can search the forum search box for “javascript” and find maybe a hundred threads asking about various javascript inserts; none of them work, and staff has no plans to allow them, because they’re more concerned with protecting the users here from serious security problems.
-
I think WordPress should allow Javascript for competitive reasons. All other blog sites do allow javascript, and it causes problems for there not to be.
-
You are welcome to your opinion. It does however defy common sense. All other blogsites are not multiuser shared blogging platforms like wordpress is and other blogsites that did allow javascript suffered the horrific consequences. Moreover, when it comes to competition wordpress is getting more and more ex-blogger beta types every day.
If you need proof of what javascript can do, it took MySpace.com offline, (another source) and it also took the 2 million users of LiveJournal offline.This is why Livejournal, WordPress, and most other hosted sites now disallow Javascript on their pages.
Let me explain (for those who like yourself don’t already know) why hosted WordPress can’t allow Javascript.
Blogs are served from {name}.wordpress.com. The WordPress cookie is delivered to any site that ends in wordpress.com. Any Javascript on the page is legitimately allowed to look up cookies that would be sent to the domain it’s served from.
This means that if you can run Javascript on a hosted WordPress page, you can retrieve the login cookie from another WordPress user, and then pass it to an external site. (Generally by creating an image reference that includes the encoded login cookie.)
This is just a basic part of the underlying technology of the web browser, and it’s required for sites like gmail, Yahoo! and others to operate.I think most bloggers would place *security* of their blogs above all else, but you have a right to feel differently and to set other priorities. Moreover, you have other free blogging opportunities you can pursue.
IMO just asking for javascript to be allowed across the board on this shared multi-user blogging platform is truly an exercise in futility. But perhaps if you stated exactly what features are missing for you in your wordpress blog then wordpress staff may choose to code them into a widget (wordpress uses only javascript from trusted sources in widgets).
You have also stated that wordpress disallowing javascript somehow causes you “problems” on other blogging sites. Would you care to share with staff exactly what “problems” you are experiencing? :)
-
-
I don’t get why it is has to be either all JavaScript or no JavaScript at all.
I am sure there is a way to authorize JavaScripts by source, a tool checking whether the script contains a source link to Technorati, del.icio.us, last.fm, Ma.gnolia, Twitter and dozens of other well established websites.
-
Simple redirect within that URL to point it elsewhere. See it all the time within spam emails and their links.
-
I would very much like the idea of tagrolls from my delicious account as opposed to just the latest links as a sidebar widget. Perhaps as an option in the existing delicious widget.
-
Send in a feedback with this suggestion. Staff has said that they keep track of requests like that…
-
You know, this lack of javascript is a serious pain in the ass. So much so that I’m considering moving to a new service. I’m just tired of running into the same problem over and over. I can’t do what I want with last.fm, I can’t do what I want with del.icio.us, I can’t do what I want with…
-
So the security of your blog doesn’t mean anything to you? That is what you’re saying. if you want javascript’s please state to everybody here that the security of your blog and everybody else’s means nothing to you.
edit: That Powell’s advert in your sidebar is against the ToS by the way.
-
WordPress.com needs to figure out how to balance user needs with security if they want any more of my money. Finding that balance is what will make WordPress.com worth paying money for.
-
-
I didn’t say they asked me to pay for anything, judyb12. But, they need money to operate. I’m one of the small group of people on the Web who are OK with paying for services. Most people want everything for free. I don’t. But, what I do want is to have my needs, as a consumer, met.
-
Wow, drmike, you sure are rude for a moderator. Why are you only marking *some* of the edits to your posts?
Thanks for convincing me to leave WordPress.com. -
I mark all of the edits to my posts and you still haven’t explained why you want to put folk’s blogs at risk. That’s what you’re asking for.
-
Yeah, i want to add Google Analytics to my blog, but because it’s JavaScript based – I can’t! The blog stats WordPress offers are OK, but no where near as robust as those offered by Google, so it would be nice to add them. How does adding JavaScript make people at risk? JavaScript is 100% client side. So again, how does that put people at risk?
I see security mentioned throughout several posts, and as a seasoned software engineer (10+ yaers) I have no idea what you’re referring too when you say JavaScript can compromise others’ security or the security of their blogs. Huh? Yeah, people could add some pretty annoying stuff to their blogs with JavaScript [annoying ads] but there is nothing that could affect anyone elses blogs. There just isn’t.
Point in case:
We can’t add Google Analytics to our blogs (because of “security concerns” or JavaScript), but WordPress has no problems adding it to their site, just view the source HTML code and look for this: http://www.google-analytics.com -
@matthoury
I see you have also posted here https://en.forums.wordpress.com/topic.php?id=9600If your aim is to have google analytics and the use of other javascript on your blog you can either self host or hire a webhost to download a free blog template from http://wordpress.org
[Delete an attempt to moderator the forums – drmike]
-
Matt, just for reference, this topic has been discussed many time so over here in the forums as well as the FAQ blog linked to at the head of the forums. The FAQ includes offsite links to articles of examples of why userinputted javascripts are bad. One just has to look at blogger and blogspot for an example of what allowing them is a security risk.
We’re not going to have a class here on hacking so I’m not going to list how one does it with javascript.
Also for reference, Google themeselves doesn’t allow multiple installs of their Urchin tracking software on a single site.
Please also note that multiple postings on the same issue just creates more work for us and casts you in a poor light.
- The topic ‘adding javascript to wordpress’ is closed to new replies.
WordPress.com Forums 