Integration with MyBlogLog
-
I’d love to see some sort of integration with MyBlogLog (http://www.mybloglog.com/, recent coverage in TechCrunch at http://www.techcrunch.com/2006/10/19/mybloglog-readers-network-around-their-favorite-blogs/).
This is a great way for blogs to improve upon many of the features currently included on proprietary social network sites but is currently (presumably) unavailable to wordpress.com users because requires javascript.
I blogged MyBlogLog’s merits at http://davidporter.wordpress.com/2006/10/20/who-needs-social-networks-anyway/.
thx!
dp -
i would agree. I’m using this with some of my other blogs and its a great feature to have. It would be great if there was even support enough so you could stick a javascript message in one post to get recognized.
-
@davidporter and sideways8
Why Javascript Gets Stripped at WordPress.com (a multiuser blogging platform)The Short Version:
“Embed tags and Javascripts are banned for security concerns. It would be child’s play for a hacker pull your login cookies if they were allowed.” (drmike on the wordpress.com forum)“Use JavaScript code sparingly and carefully. Most JavaScript code libraries on the web provide a number of useful and benign functions that help extend a website’s functionality. However, always keep in mind that many of known security exploits use JavaScript code to perform security breaches on networks or on personal computers, particularly in a Windows environment. If you don’t understand what a JavaScript code does, it’s generally not a good idea to embed it in your site.”(Duke University, Office of Web Services)
The Long Version:
Blogs are served from {name}.wordpress.com. The WordPress cookie is delivered to any site that ends in wordpress.com. Any Javascript on the page is legitimately allowed to look up cookies that would be sent to the domain it’s served from.This means that if you can run Javascript on a hosted WordPress page, you can retrieve the login cookie from another WordPress user, and then pass it to an external site. (Generally this is done by creating an image reference that includes the encoded login cookie.)
This functional reality is just a basic part of the underlying technology of the web browser, and it’s required for sites like gmail, Yahoo! and others to operate.
There are ways a site can avoid this problem (generally by constantly changing the login cookie data with EVERY response, and invalidating the old ones immediately), but they require more horsepower on the backend than the blogging sites are really able to provide, and there’s still usually a small window of opportunity.
This is why Livejournal, WordPress, and most other hosted sites disallow Javascript on their pages. I hope that helps!
Other references that may be of interest:
WordPress.com FAQs
Myspace security measure disables viral spread of widgets
Second Life – Urgent Security Announcement -
MyBlogLog now supports WordPress.com blogs.
More info on how to get it working here:
MyBlogLog widget for WordPress.com blogs — One of the best web widgets available
- The topic ‘Integration with MyBlogLog’ is closed to new replies.
WordPress.com Forums 