allchildren: "dr." john zoidberg (³ I'LL TAKE EIGHT)
Amy Ponds of the 99% ([personal profile] allchildren) wrote in [community profile] getting_started2010-11-13 07:55 pm

(no subject)

Is there an easy way (or recommended layout) to add a javascript box to one's journal sidebar? Google Reader generates a java click box for blogs which looks pretty easy to cut and paste, but I thought I'd ask BEFORE giving myself the headache.
foxfirefey: A fox colored like flame over an ornately framed globe (Default)

[personal profile] foxfirefey 2010-11-14 05:25 am (UTC)(link)
It's a good thing you asked because: basically, you can't. The reasons behind this are historically security based; you can't put your own Javascript on your layout.
Edited 2010-11-14 05:27 (UTC)
matgb: Artwork of 19th century upper class anarchist, text: MatGB (Default)

[personal profile] matgb 2010-11-14 01:01 pm (UTC)(link)
Not as yet. It's been discussed as something that we need to look at in the future, but a lot of hosted blog services have restrictions on JS, and for very good security reasons. Blogspot doesn't, which is why Blogspot is the host of choice for dodgy malware and spam pedlers.

The concerns are valid. My desire to use some JS in the sidebar is valid. Any ideas for squaring the circle welcome, if you're into development stuff. It's beyond my ability to fix, unfortunately, I barely comprehend some of the issues.
ursamajor: devil uses the internet (do i look like an information booth?)

[personal profile] ursamajor 2010-11-14 10:02 pm (UTC)(link)
What I wonder about is - are there popular things that require JavaScript that Dreamwidth could vet, then offer as potential "modules" to be included in a style? Something like how Wordpress has "plugins," perhaps? At least in system styles, to start, if not necessarily personally-created ones; maybe for paid users, if availability needs to be limited that way.

And then, to come up with a list of said desired modules. Would they mostly be external-site oriented (like, embedding your recent Twitter updates or Delicious bookmarks into the sidebar), or not so much (something like displaying a random quote from a list you provide every time the page is reloaded, or rotating through a number of headers)?

I guess the part of the issue I don't know well enough as a babydev is - is it just a matter of not being able to trust Random User's JavaScript code vs. code that would go through the vetting process of proper development for Dreamwidth? Or is it really that all JavaScript code is inherently pretty insecure and easy to exploit?
matgb: Artwork of 19th century upper class anarchist, text: MatGB (Default)

[personal profile] matgb 2010-11-14 10:18 pm (UTC)(link)
is it just a matter of not being able to trust Random User's JavaScript code vs. code that would go through the vetting process of proper development for Dreamwidth? Or is it really that all JavaScript code is inherently pretty insecure and easy to exploit?

The former, I think. This has been discussed somewhere already, I don't know if it was on Buzilla or in Suggestions, and my brain isn't working tonight. But the idea of pre-approving some scripts, possibly as sidebar modules, has definitely been discussed.

A part of me wants to allow off site scripts because I'll use some weird unusual ones--I don't want to make dev time to approve my Lib Dem Sidebar widgets, but I'd like to be able to put those widgets up (the alternative, of getting them to do a non script option, is one I'm also working on, but major staff layoffs lost me the dev that agreed with me).

So yeah, lots of ideas, nothing concrete yet.