Custom Shortcodes for JavaScript?

  • Author
  • #769624


    Is it possible to create a custom shortcode to be used on a blog? I want to implement a HubSpot tracking code on my blog and realize javascript is not allowable within the blog itself, but I am wondering if I can implement it securely using a custom shortcode. I realize this is possible for self-hosted WordPress but am wondering if it’s possible for

    The blog I need help with is



    I think that what you want to do is write your own shortcode and use it here at If so, the answer will be no. I say this with 99+% confidence, since I cannot imagine a means of doing this without a huge risk to the integrity of the site and every blog on it. I have no qualms about your intentions, but there are some ill-intentioned people out there (and in here, probably).


    Member installs are free standing. Use JavaScript on them and the only security risk is to a single blog. Not so here ate as this is a shared blogging platform.

    Let me explain (for those who don’t already know) why can’t allow JavaScript on free hosted blogs on this wpMU multi-user blogging platform.

    Blogs are served from {name} The WordPress cookie is delivered to any site that ends in Any JavaScript on the page is legitimately allowed to look up cookies that would be sent to the domain it’s served from.

    This means that if you can run JavaScript on a hosted WordPress page, you can retrieve the login cookie from another WordPress user, and then pass it to an external site. (Generally by creating an image reference that includes the encoded login cookie.)

    This is just a basic part of the underlying technology of the web browser, and it’s required for sites like gmail, Yahoo!, and others to operate.

    There are ways a site can avoid this problem (generally by constantly changing the login cookie data with EVERY response, and invalidating the old ones immediately), but they require more horsepower on the backend than the blogging sites are really able to provide, and there’s still usually a small window of opportunity.

    This is why Livejournal, WordPress, and most other hosted sites disallow Javascript on their pages.

The topic ‘Custom Shortcodes for JavaScript?’ is closed to new replies.