
RE: Javascript on Steemit : Can It and Should It be Allowed

in #steemthought7 years ago (edited)

I was looking for a way to add graphs with javascript and came upon your post.

It is a conundrum for sure. Much of the javascript I want is based on plugins that need their source embedded, too. I wish Steemit could at least add common jQuery/javascript plugins to interact with that make sense. Graphs, games, etc.

I think your #2 limited javascript proposal is the most ideal. They could blacklist cross-site calls and any other functions that are commonly exploited, such as document.cookie. They don't have to mess with an interpreter. They would effectively write escaping/sanitizing logic when you do a POST.

I'm starting to realize javascript security is a cluster and you can introduce a lot of entry points for hackers that you didn't foresee until they got you by the balls.


yeah it would be sweet to do d3 on steemit or some kind of live graph...

right now it looks like they just scrub out anything between a script tag

but is that steemit.com doing that? like if you posted something via the api with javascript would you see it?

Yes, that is what escaping does. There's server-side code that cleans it so that it won't be interpreted as code on the client side.
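
The replies above mention two different server-side treatments, scrubbing whatever sits between script tags and escaping. The sketch below is an added example, not part of the thread and not Steemit's code; the function names and sample posts are constructed for illustration, and it runs both treatments over the same inputs to check whether any markup the browser would still act on is left.

```javascript
// Added example: hypothetical helpers and constructed sample posts.

// Treatment 1: remove anything between <script> and </script>.
function stripScriptTags(html) {
  return html.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '');
}

// Treatment 2: escape on output so the whole post body is rendered as text.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Defender-side check: is there still a script tag or an inline event-handler
// attribute that a browser would treat as code?
function hasActiveMarkup(html) {
  return /<script\b/i.test(html) || /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed sample posts (drawGraph is a made-up function name).
const SAMPLES = [
  '<script>drawGraph()</script>',                 // script block
  '<img src="chart.png" onload="drawGraph()">',   // inline handler, no script tag
  'if (a < b) { plot(a) }'                        // plain text that contains "<"
];

// Return the samples that still contain active markup after the filter runs.
function audit(filter) {
  return SAMPLES.filter((post) => hasActiveMarkup(filter(post)));
}

console.log('left active after script-tag scrubbing:', audit(stripScriptTags));
console.log('left active after escaping:', audit(escapeHtml));
console.log('escaped text sample:', escapeHtml(SAMPLES[2]));
```

The escaping shown here is for HTML body text and quoted attribute values; content placed inside a URL, a style block or a script block needs encoding for that context instead.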
