A whitelist for JavaScript widgets?

August 15, 2006 | 5 comments

I was wondering: would it be possible to have a whitelist for JavaScript on WordPress.com blogs? I know that wouldn’t be a 100% solution, but it’d be a step, wouldn’t it? Popular sites with widgets (hint, hint: LibraryThing) could be added to the whitelist. Whenever someone puts a bit of JavaScript into a text widget, the URL of the script is checked against the whitelist. If the site is on the whitelist, the widget is given the A-OK and all is well. If the site isn’t on the whitelist, the script is removed (just like it is now).

Like I said, this isn’t a perfect solution. I’m sure there will be some websites that the WP.com folks won’t want to put on the list. However, a lot of sites are starting to offer widgets for blogs, and they’re almost always in JavaScript form. A whitelist would start to open up the doors to some of these widgets, while still maintaining the security of WP.com blogs.

Notes:

1. I don’t know hardly anything about coding. I know a little bit of PHP. I’m basically thinking along the lines of…

if (url is on whitelist) javascript = ok
if (url is not on whitelist) javascript = bad bad, delete!

If that’s totally wrong, someone tell me so I can quiet myself and not appear totally silly. :)
2. Yes, I really want to embed LibraryThing in my sidebar. Really, really bad. But I do wish others could embed other widgets, too! I swear!

Technorati Tags:

Tags: , ,

5 comments

Comments feed for this article

August 15, 2006 at 4:08 pm

dresramblings

dresramblings’s avatar

That sounds like a great idea. I just don’t know if it’s doable or not. If it is, I’d support it. It would be nice to have some of the simpler features available for us to use.

P.S. I found you using the Tag Surfer!

August 15, 2006 at 4:17 pm

Josh

Josh’s avatar

Yeah, I don’t know if it’s doable or not. If it is, I’d really, really love to see it.

I pine for the LT widgets. :P
Edit: By the way, I think Tag Surfer is pretty cool.

August 17, 2006 at 5:35 am

Andy

Andy’s avatar

A whitelist is a possibility but we’re more likely to create a distinct widget for each service. Thanks for the idea! :-)

August 17, 2006 at 6:18 am

print

print’s avatar

You are sounding silly.

1. I don’t know hardly anything about coding. I know a little bit of PHP. I’m basically thinking along the lines of…

if (url is on whitelist) javascript = ok
if (url is not on whitelist) javascript = bad bad, delete!

If that’s totally wrong, someone tell me so I can quiet myself and not appear totally silly. :)

You do not need to write pseudo code to explain how a whitelist would work, or indeed to express ‘bad bad, delete!’

Most redundant.

August 17, 2006 at 9:18 am

Josh

Josh’s avatar

Sounds good, Andy.

Print: Fair enough. :)