Question

I've got a site that provides blog-friendly widgets via JavaScript. These work fine in most circumstances, including self-hosted WordPress blogs. With blogs hosted at WordPress.com, however, JavaScript isn't allowed in sidebar text modules. Has anyone seen a workaround for this limitation?

Solution

You could always petition WP to add your widget to their 'approved' list, but who knows how long that would take. You're talking about a way to circumvent the rules they have in place about posting arbitrary script. MySpace JavaScript exploits in particular have increased awareness of the possibility of such workarounds, so you might have a tough time getting around the restrictions - however, here's a classic one to try:

Put the JavaScript in a weird place, like anywhere that executes a URL. For instance:

<div style="background:url('javascript:alert(this);');" />

Sometimes the word 'javascript' gets cut out, but occasionally you can sneak it through as java\nscript, or something similar.

Sometimes quotes get stripped out - try String.fromCharCode(34) to get around that. Also, in general, use eval("codepart1" + "codepart2") to get around restricted words or characters.

Sneaking in JavaScript is a tricky business, mostly utilizing unorthodox (possibly undocumented) browser behavior in order to execute arbitrary JavaScript on a page. Welcome to hacking.
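
Seen from the filtering side, the tricks in this answer all defeat blacklists (strip a word, strip a quote). The following is an added example, not part of the original answer and not WordPress.com's code, showing an allowlist check that rejects them; the function names and the property list are assumptions, and inputs are taken to be attribute values after HTML entity decoding.

```javascript
// Added example (defensive): allowlist checks for user-supplied URLs and inline styles.
// Names and the property list are assumptions; inputs are already entity-decoded.
const ALLOWED_SCHEMES = new Set(["http", "https"]);
const ALLOWED_PROPS = new Set(["color", "width", "height", "text-align"]);
// Values may not contain parentheses, quotes, colons, slashes or backslashes,
// so url(...) and CSS escapes never reach the browser.
const SAFE_VALUE = /^[a-zA-Z0-9#%., -]+$/;

// URL parsers drop tab/CR/LF anywhere and skip leading controls and spaces,
// so normalise the same way before reading the scheme.
function normalizeUrl(raw) {
  return raw.replace(/[\t\n\r]/g, "").replace(/^[\u0000-\u0020]+/, "");
}

function isSafeUrl(raw) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(normalizeUrl(raw));
  // No scheme means a relative URL, which inherits the page's own scheme.
  return m === null || ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

function sanitizeStyle(style) {
  return style
    .split(";")
    .map((decl) => {
      const i = decl.indexOf(":");
      if (i < 0) return null;
      const prop = decl.slice(0, i).trim().toLowerCase();
      const value = decl.slice(i + 1).trim();
      return ALLOWED_PROPS.has(prop) && SAFE_VALUE.test(value) ? `${prop}: ${value}` : null;
    })
    .filter(Boolean)
    .join("; ");
}

// Constructed samples, taken from the markup quoted in the answer above.
const samples = ["https://example.com/w.png", "javascript:alert(this);", "java\nscript:alert(this);"];
for (const s of samples) console.log(JSON.stringify(s), "->", isSafeUrl(s));
console.log(JSON.stringify(sanitizeStyle("color: red; background:url('javascript:alert(this);');")));
```

Because the style filter keeps only known properties with plain values, it never has to recognise the word 'javascript' at all, which is why re-spelling it does not help.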

OTHER TIPS

From the official WordPress.com FAQ:

Javascript can be used for malicious purposes and while what you want to do is okay it does not mean all javascript will be okay.

It goes on to remind the reader that both MySpace and LiveJournal had been affected by malicious Javascript and, therefore, will not be permitted (as it may be exploited by users with poor intentions). They can't risk it with amazingly large sites (think I Can Has Cheezburger, Anderson Cooper 360, Fox, etc.).

If you think you have Javascript that would benefit WordPress.com you can contact them directly.

There is no workaround for it. WordPress does not currently support JavaScript. Sorry.

Just find a good site about XSS if you really need that JS to work. But if it works for you it works for anybody, and you post a tutorial on how to do an XSS attack on your page with posts or comments.

reference: http://ha.ckers.org/xss.html

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow