How do you think “javascript” really hurt your blog’s Security!

• 

  lokoo · Member · Feb 24, 2006 at 12:32 am

  • Copy link
  • Add topic to favorites

  How do you think “javascript” really hurt your blog’s Security! I give the two different opinons here:
  1、Open wordpress’s javascript support maybe occur some hacks
  2、I dont think so,javascript cannt cause any security problems.

  (Please tell me wut’s your side!)

• 

  nosysnoop · Member · Feb 24, 2006 at 12:47 am

  • Copy link

  What I mostly want is to put Site Meter on my site so I can have a running total of how many visitors come. And so I can put the buttons for BlogTopSites and all the blog catalogs on so that I can be ranked again on those listings. Blogger did it but Blogger stinks and I still can’t post anything on my old blog and I lost most of the regular visitors I had. But WordPress is so fast and smooth and isn’t a pain in the ass like Blogger. And we get a reply back from WordPress unlike Blogger. Maybe one day we can have a little block of space on our sites here for javascript. But I’m happier here. :)

• 

  davidbdukes · Member · Feb 24, 2006 at 12:52 am

  • Copy link

  Actually, David Smith from Site Meter posted instructions on the Site Meter Blog about how to do jst that.

  Other information regarding that method is posted at The Alliance HQ.

• 

  nosysnoop · Member · Feb 24, 2006 at 1:17 am

  • Copy link

  Thanks! I just did it. The image isn’t showing up. But maybe in a few minutes it might.

• 

  davidbdukes · Member · Feb 24, 2006 at 1:27 am

  • Copy link

  You need to make sure your Link Category has “Category Options > Show” set to include “Images”.

  Note in the Alliance HQ example I cited, a separate Link Category was created, setting it that way. You do not need a separate category, but the category needs to support images, which can be done via that setting.

• 

  nosysnoop · Member · Feb 24, 2006 at 2:51 am

  • Copy link

  I clicked yes on ‘Visible’ but it still won’t show:

  

  Unless I’m doing something wrong.

• 

  wank · Member · Feb 24, 2006 at 4:21 am

  • Copy link

  How do you think “javascript” really hurt your blog’s Security!

  I take it you didn’t hear about what happened to livejournal? If it’s a choice between not having javascript widgets in my sidebar and having my blog mutilated by hackers I’ll take the latter, thanks. If you feel differently, there’s always blogspot ;)

• 

  victoriacarolina · Member · Feb 24, 2006 at 4:26 am

  • Copy link

  Think wank means “the former”, but anyway – yes, I too can do without the doodads to have a secure blog experience….

• 

  marc · Member · Feb 24, 2006 at 8:14 am

  • Copy link

  No thanks, the mess that is Google’s Blogger and all its problems with script insertion should warn everyone away.

• 

  wank · Member · Feb 24, 2006 at 4:57 pm

  • Copy link

  damn limited editing capacity ;)

• 

  drmike · Member · Feb 24, 2006 at 5:21 pm

  • Copy link

  Javascript can be very damaging to ones site. I can think of five ways off the top of my head.

  And, no, I’m not going to list them. :)

• 

  nosysnoop · Member · Feb 25, 2006 at 1:01 am

  • Copy link

  On my pages where it says “Friends” and “Charities”, is that considered javascript because when the images are clicked, it goes straight to the sites? On Blogger I had that all on my sidebar. But we can’t here, so I put them up as pages. And no I’m not getting paid for them. Once I was offered a monthly fee to do my blog but the more and more I thought about it, it sounded like they’re from a porn site.

• 

  wank · Member · Feb 25, 2006 at 12:43 pm

  • Copy link

  Those are just links. If it was javascript you wouldn’t have been able to add it to your site anyway.

• 

  nosysnoop · Member · Feb 25, 2006 at 11:53 pm

  • Copy link

  Okay thanks. I didn’t know if html codes were also considered javascript.

• 

  matton · Member · Mar 25, 2006 at 3:45 pm

  • Copy link

  I’m not that well-versed on code, but would it be possible to “filter all Java codes except X,Y,Z”? This would enable them to block all codes except those used by accepted sites. (Statcounter, etc.) I’m guessing this isn’t possible?

• 

  drmike · Member · Mar 25, 2006 at 5:54 pm

  • Copy link

  filter all Java codes except X,Y,Z

  They would require editing though. For example, the sitemeter code requires you to use your id code.

• 

  martinfitzp · Member · Mar 25, 2006 at 10:13 pm

  • Copy link

  There is stuff I’d like to see supported on WordPress but hell, it’s blogging software not “fancy pants web design dongle widget special effects” software.

  Time spent adding widgets to your blog would be better spent writing content for it. I should know – I migrated to wordpress.com exactly to stop myself from fiddling!

  Incidentally this will also increase your traffic far more effectively than blog catalogues.

• 

  leighm · Member · Mar 26, 2006 at 9:00 pm

  • Copy link

  Marc wrote: No thanks, the mess that is Google’s Blogger and all its problems with script insertion should warn everyone away.

  I never had any problems inserting javascripts @ blogger, and I have quite a few complex ones that create feeddirect and feeddigest news feeds.

  BTW, the “cookie stealing” is a bogus issue, the problem is in the browser, not the site. I recommend firefox with the extension ‘noscript’, it requires one to allow all javascripts manually.

  Leigh

• 

  marc · Member · Mar 26, 2006 at 10:19 pm

  • Copy link

  I never had any problems inserting javascripts @ blogger, and I have quite a few complex ones that create feeddirect and feeddigest news feeds.

  The script problems were related to scam artists that started Blogger blogs and inserted scripts that mined info or passed viruses to its visitors, not what you may have added to your personnel blog.

  AOL’s journal have had similar problems.

• 

  drmike · Member · Mar 26, 2006 at 10:22 pm

  • Copy link

  MySpace has as well.