Need help? Check out our Support site, then


WordPress.com Forums » Support

12

WriteUp in PCWorld.com

  1. drmike
    Member

    xexagon, that's not a defence when the same option has allowed folks to go in and hack sites and bring their servers down. Please take a few minutes and read the FAQ on the subject. (Granted, it uses MySpace examples but there have been Blogger examples in the past in there as well but they are no longer on line.)

    And, once again, security outweighs features around here. I, for one, would have know my site is up and running instead of being hacked or down thanks to some 12 year old who allowed a hacker in just because they wanted the latest pop video or flashing text on their site.

  2. xexagon
    Member

    Dr Mike,

    I don't want to use javascript, I just want to be able to modify the CSS (I can already use HTML on WordPress). For example, it'd be nice if I could change the font on my blog, or get all my links underlined, or maybe move the link bar to the right hand side.

    I can understand why WordPress doesn't allow this: there wouldn't be much point in installing it yourself. But it is the only thing that keeps me with Blogger: in every other respect, WordPress is better.

    Ta,

    Xexagon

  3. drmike
    Member

    I can understand why WordPress doesn't allow this: there wouldn't be much point in installing it yourself.

    Actually I guess that you don't since that's not the reason. Please remember that this is WordPress MultiUser here that runs the site, not regular WordPress. We share all of the theme files between users. If one was to change their CSS, that change would go into effect for everybody else. Andy gave an interview a short while ago that covered this.

    If you want to stay with Blogger and have your site be a target for hackers and all teh rest, feel free.

    And, yes, I'm tired of repeating this over and over again.

  4. cornell
    Member

    Oh, but Drmike, blogger is just the best blogginh platform in the known multiverse...

    ;)

  5. drmike
    Member

    *chuckle* And they keep winning awards. I know. The day I figured out that most of these mags just reprint Press Releases and call it their own research, I cancelled my subscriptions on hte ones that do.

  6. xexagon
    Member

    drmike,

    I'm not saying Blogger is the best, I'm just saying it's the only one that allows you to modify your page's appearance. Allowing modification of CSS is not a security risk in and of itself. Besides, the page you linked to refered to javascript.

    From the interview you linked to:

    It’s probably possible to create a new templating system for WordPress so that anyone can make their own template without exposing things that should remain secure on the server.

    However, apologies for not searching the forum first. I only got here via a google search for 'customising blogger', and thought I'd comment.

  7. nosysnoop
    Member

    I never had a problem with the Blogger template. After banging your head on your computer hours on end for even longer days on end, you eventually figure out the template and basic html. But they have so many technical problems and sooooooooo God damn slow. And they also labeled my site a spam site and destroyed it. But then apologized saying "sorry".

  8. drmike
    Member

    Allowing modification of CSS is not a security risk in and of itself.

    *chuckle* Wanna bet? Anyone else tempted to show him or her that that statement isn't true?

    But considering that he or she didn't even read the entire article I linked to, I guess it's moot.

  9. xexagon
    Member

    drmike,

    This is the article:

    Javascript - can I use that on my blog?

    No. Javascript can be used for malicious purposes and while what you want to do is okay it does not mean all javascript will be okay. The security of all the blogs here is paramount and until such time that we can guarantee that scripting languages will not be harmful they will not be permitted.

    If you need proof of what javascript can do, it took MySpace.com offline, (another source) and it also took the 2 million users of LiveJournal offline.

    You may want a bit of javascript and it may well be harmless but as soon as the system allows it someone will try and exploit it. Their goal would be to take this domain offline - is your need greater than all the blogs on here?

    All requests for javascript by way of the forums or feedback will be met with a 'No' for the above reasons.

    It clearly refers to javascript, and XSS is not CSS. Again, I apologise if I am missing something and there is a genuine security risk in allowing users to modify CSS (Cascading Style Sheets), but that is not what the article is saying.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags