How do you think “javascript” really hurt your blog’s Security!

  • Author
    Posts
  • #5229

    lokoo
    Member

    How do you think “javascript” really hurt your blog’s Security! I give the two different opinons here:
    1、Open wordpress’s javascript support maybe occur some hacks
    2、I dont think so,javascript cannt cause any security problems.

    (Please tell me wut’s your side!)

    #5429

    nosysnoop
    Member

    What I mostly want is to put Site Meter on my site so I can have a running total of how many visitors come. And so I can put the buttons for BlogTopSites and all the blog catalogs on so that I can be ranked again on those listings. Blogger did it but Blogger stinks and I still can’t post anything on my old blog and I lost most of the regular visitors I had. But WordPress is so fast and smooth and isn’t a pain in the ass like Blogger. And we get a reply back from WordPress unlike Blogger. Maybe one day we can have a little block of space on our sites here for javascript. But I’m happier here. :)

    #5430

    davidonadiet
    Member

    Actually, David Smith from Site Meter posted instructions on the Site Meter Blog about how to do jst that.

    Other information regarding that method is posted at The Alliance HQ.

    #5432

    nosysnoop
    Member

    Thanks! I just did it. The image isn’t showing up. But maybe in a few minutes it might.

    #5434

    davidonadiet
    Member

    You need to make sure your Link Category has “Category Options > Show” set to include “Images”.

    Note in the Alliance HQ example I cited, a separate Link Category was created, setting it that way. You do not need a separate category, but the category needs to support images, which can be done via that setting.

    #5438

    nosysnoop
    Member

    I clicked yes on ‘Visible’ but it still won’t show:

    http://i1.tinypic.com/oggfaw.jpg

    Unless I’m doing something wrong.

    #5441

    wank
    Member

    How do you think “javascript” really hurt your blog’s Security!

    I take it you didn’t hear about what happened to livejournal? If it’s a choice between not having javascript widgets in my sidebar and having my blog mutilated by hackers I’ll take the latter, thanks. If you feel differently, there’s always blogspot ;)

    #5443

    Think wank means “the former”, but anyway – yes, I too can do without the doodads to have a secure blog experience….

    #5448

    marc
    Member

    No thanks, the mess that is Google’s Blogger and all its problems with script insertion should warn everyone away.

    #5464

    wank
    Member

    damn limited editing capacity ;)

    #5466

    drmike
    Member

    Javascript can be very damaging to ones site. I can think of five ways off the top of my head.

    And, no, I’m not going to list them. :)

    #5543

    nosysnoop
    Member

    On my pages where it says “Friends” and “Charities”, is that considered javascript because when the images are clicked, it goes straight to the sites? On Blogger I had that all on my sidebar. But we can’t here, so I put them up as pages. And no I’m not getting paid for them. Once I was offered a monthly fee to do my blog but the more and more I thought about it, it sounded like they’re from a porn site.

    #5560

    wank
    Member

    Those are just links. If it was javascript you wouldn’t have been able to add it to your site anyway.

    #5568

    nosysnoop
    Member

    Okay thanks. I didn’t know if html codes were also considered javascript.

    #5600

    matton
    Member

    I’m not that well-versed on code, but would it be possible to “filter all Java codes except X,Y,Z”? This would enable them to block all codes except those used by accepted sites. (Statcounter, etc.) I’m guessing this isn’t possible?

    #5601

    drmike
    Member

    filter all Java codes except X,Y,Z

    They would require editing though. For example, the sitemeter code requires you to use your id code.

    #5602

    martinfitzp
    Member

    There is stuff I’d like to see supported on WordPress but hell, it’s blogging software not “fancy pants web design dongle widget special effects” software.

    Time spent adding widgets to your blog would be better spent writing content for it. I should know – I migrated to wordpress.com exactly to stop myself from fiddling!

    Incidentally this will also increase your traffic far more effectively than blog catalogues.

    #5603

    leighm
    Member

    Marc wrote: No thanks, the mess that is Google’s Blogger and all its problems with script insertion should warn everyone away.

    I never had any problems inserting javascripts @ blogger, and I have quite a few complex ones that create feeddirect and feeddigest news feeds.

    BTW, the “cookie stealing” is a bogus issue, the problem is in the browser, not the site. I recommend firefox with the extension ‘noscript’, it requires one to allow all javascripts manually.

    Leigh

    #5604

    marc
    Member

    I never had any problems inserting javascripts @ blogger, and I have quite a few complex ones that create feeddirect and feeddigest news feeds.

    The script problems were related to scam artists that started Blogger blogs and inserted scripts that mined info or passed viruses to its visitors, not what you may have added to your personnel blog.

    AOL’s journal have had similar problems.

    #5605

    drmike
    Member

    MySpace has as well.

The topic ‘How do you think “javascript” really hurt your blog’s Security!’ is closed to new replies.