• Resolved allm

    (@realblueorange)


    I am thinking of using embedded Bublaa on a website that I am developing.

    I have read the source code of the plugin and it seems that there are 2 external javascript files (on your domein) that get executed. Somehow that doesn’t feel right. If your site gets compromised I suffer too. Isn’t it much better to add those 2 javascript files to the plugin? That way every user is responsible for their own safety and every user can read what code is in there.

    https://www.ads-software.com/extend/plugins/bublaa-embeddable-forums/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter allm

    (@realblueorange)

    Please also check the plugin guidelines, second item at point 7:
    https://www.ads-software.com/extend/plugins/about/guidelines/

    Plugin Author bublaa

    (@bublaa)

    Hiya!

    We would be glad to have you.

    Unfortunately there isn’t much we can do about external JavaScript because that’s simply how our service works.

    Thank you for pointing out the plugin guidelines. I’ll be sure to see that all required points are made clear enough in the future.

    Kim from the bublaa team

    Thread Starter allm

    (@realblueorange)

    Hi Kim,

    It seems to me that using this plugin introduces a potential backdoor security hole in the website that is using it. You say that “this is simply how our service works”, but I wouldn’t be surprised if you can easily change things by adding the JS script files to the plugin and load them locally and not from your location.

    I am surprised that the plugin made it into the repository with this code in it.

    This way the plugin is not for me, which is a pity as your service looks really promising.

    Plugin Author bublaa

    (@bublaa)

    Hi!

    I appreciate the suggestion but Bublaa is designed to work on any platform. And even though WordPress is one of the big ones, developing the WordPress plugin separately the way you suggested would put a strain on our development process and would not really fit in our service model.

    Many services are built like this. You can find these in the plugin directory.

    Thank you for your kind words. I’m confident that you will find the perfect fit for you in the plugin directory.

    Have a good one!

    Kim from the bublaa team

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘external javascript?’ is closed to new replies.