Widgets and Java apps



    I’ve tried to put different things in my widgets like Feedjit, for example, and whenever I save the changes, it doesn’t recognize it and eliminates the code. For example:

    <script type="text/javascript" src="http://feedjit.com/serve/"></script>
    <noscript>Feedjit live traffic feed</noscript>

    After saving it, all I get is the HTML: Feedjit live traffic feed, as if the rest of the code never existed. Is there any way to fix this? Or can’t I use any of these apps?



    Sorry, WordPress banned all of those scripts.



    For security reasons, WordPress.com strips out javascript and embeds. So, you can’t use those apps unless they offer a javascript-free form. There’s a thread “Codes for WordPress” in the off topic forum that lists widgets that do work here.






    Thank you very much… that kinda sucks.



    Yeah, I know ¬¬



    Do you understand why javascript is a security risk on a multi-user blogging platform?

    Let me explain (for those who don’t already know) why hosted WordPress can’t allow javascript.

    Blogs are served from {name}.wordpress.com. The wordpress cookie is delivered to any site that ends in wordpress.com. Any javascript on the page is legitimately allowed to look up cookies that would be sent to the domain it’s served from.

    This means that if you can run javascript on a hosted wordpress.com page, you can retrieve the login cookie from another wordpress.com user, and then pass it to an external site. (Generally by creating an image reference that includes the encoded login cookie.)

    This is just a basic part of the underlying technology of the web browser, and it’s required for sites like Gmail, Yahoo! and others to operate. And there are ways a site can avoid this problem (generally by constantly changing the login cookie data with EVERY response, and invalidating the old ones immediately). But (and it’s a big BUT) they require more horsepower on the backend than the blogging sites are really able to provide, and there’s still usually a small window of opportunity.

    This is why LiveJournal, WordPress, and most other hosted sites disallow JavaScript on their pages.
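
An added example, not part of the thread and not WordPress.com's code: a small model of the cookie scoping the last post describes, showing when a login cookie set for the parent domain is sent to, and readable by script on, another user's blog. The cookie name `wp_login`, its value and the host names are constructed samples; the `HttpOnly` attribute is not mentioned in the thread and is included here as an assumed hardening option.

```javascript
// Added illustration: models RFC 6265 cookie scoping as seen by document.cookie.
// Simplified: ignores Path, Secure, expiry, IP-address hosts and public-suffix checks.

// Parse one Set-Cookie header into the attributes that decide script visibility.
function parseSetCookie(header, issuingHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = {
    name: pair.slice(0, pair.indexOf("=")),
    domain: issuingHost.toLowerCase(), // default: host-only cookie
    hostOnly: true,
    httpOnly: false,
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    const key = k.trim().toLowerCase();
    if (key === "domain" && v.trim()) {
      // A Domain attribute widens the scope to every subdomain.
      cookie.domain = v.trim().replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false;
    } else if (key === "httponly") {
      cookie.httpOnly = true; // hidden from document.cookie, still sent over HTTP
    }
  }
  return cookie;
}

// Domain matching: exact host, or a subdomain when the cookie is not host-only.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  return h === cookie.domain || (!cookie.hostOnly && h.endsWith("." + cookie.domain));
}

// Would the browser send this cookie to pageHost, and could script there read it?
function audit(setCookie, issuingHost, pageHost) {
  const c = parseSetCookie(setCookie, issuingHost);
  const sentTo = domainMatches(pageHost, c);
  return { sentTo, readableByScript: sentTo && !c.httpOnly };
}

// Constructed sample headers: the shared-domain case from the post, then two narrower ones.
const SAMPLES = {
  shared: "wp_login=SAMPLE; Domain=.wordpress.com; Path=/",
  hostOnly: "wp_login=SAMPLE; Path=/",
  httpOnly: "wp_login=SAMPLE; Domain=.wordpress.com; Path=/; HttpOnly",
};

for (const [label, header] of Object.entries(SAMPLES)) {
  console.log(label, audit(header, "wordpress.com", "someblog.wordpress.com"));
}
```

Only the `shared` header reproduces the situation in the post: the cookie reaches every `{name}.wordpress.com` blog and is visible to any script running there.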

The topic ‘Widgets and Java apps’ is closed to new replies.