Ben Scofield

Reputation: 6418

How do you add a JavaScript widget to a Wordpress.com hosted blog?

I've got a site that provides blog-friendly widgets via JavaScript. These work fine in most circumstances, including self-hosted Wordpress blogs. With blogs hosted at Wordpress.com, however, JavaScript isn't allowed in sidebar text modules. Has anyone seen a workaround for this limitation?

Upvotes: 14

Views: 16536

Answers (4)

Devin Reams

Reputation: 981

From the official WordPress.com FAQ:

Javascript can be used for malicious purposes and while what you want to do is okay it does not mean all javascript will be okay.

It goes on to remind the reader that both MySpace and LiveJournal had been affected by malicious Javascript and, therefore, will not be permitted (as it may be exploited by users with poor intentions). They can't risk it with amazingly large sites (think I Can Has Cheezburger, Anderson Cooper 360, Fox, etc.).

If you think you have Javascript that would benefit WordPress.com you can contact them directly.

Upvotes: 7

naugtur

Reputation: 16905

Just find a good site about XSS if you really need that JS to work. But if it works for you it works for anybody, and you post a tutorial on how to do an XSS attack on your page with posts or comments.

reference: http://ha.ckers.org/xss.html

Upvotes: 0

MLCWO

Reputation: 27

There is no workaround for it. Wordpress does not currently support Javascript. Sorry.

Upvotes: 1

Matt Lohkamp

Reputation: 2192

you could always petition wp to add your widget to their 'approved' list, but who knows how long that would take. you're talking about a way to circumvent the rules they have in place about posting arbitrary script. myspace javascript exploits in particular have increased awareness of the possibility of such workarounds, so you might have a tough time getting around the restrictions - however, here are some classic ones to try:

put the javascript in a weird place, like anywhere that executes a URL. for instance:

<div style="background:url('javascript:alert(this);');" />

sometimes the word 'javascript' gets cut out, but occasionally you can sneak it through as java\nscript, or something similar.

sometimes quotes get stripped out - try String.fromCharCode(34) to get around that. Also, in general, using eval("codepart1" + "codepart2") to get around restricted words or characters.

sneaking in javascript is a tricky business, mostly utilizing unorthodox (possibly un-documented) browser behavior in order to execute arbitrary javascript on a page. Welcome to hacking.

Upvotes: 7
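
Why a filter that hunts for the word 'javascript' misses the newline-split form mentioned in the last answer, while an allowlist that drops every unlisted tag and attribute is unaffected by it: an added Python example, not part of any answer and not WordPress.com's own code. The tag and attribute policy, the function names and the sample string are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed policy for illustration; not WordPress.com's actual rules.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "div", "span"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
# Constructed sample: the newline-split form described in the answer above.
SPLIT = "<div style=\"background:url('java\nscript:alert(this);');\" />"

def blocklist_filter(markup):
    """Weak approach: delete <script> blocks and the literal 'javascript:'."""
    markup = re.sub(r"(?is)<script.*?</script>", "", markup)
    return re.sub(r"(?i)javascript:", "", markup)

class _AllowlistParser(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1  # drop the element and its text content
        if tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # style=, on*= and anything unlisted is dropped
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # only explicitly permitted URL schemes survive
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def allowlist_sanitize(markup):
    """Rebuild the markup from parsed events, keeping only listed items."""
    parser = _AllowlistParser()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

`blocklist_filter(SPLIT)` returns the input unchanged, whereas `allowlist_sanitize(SPLIT)` returns `<div></div>` because `style` is simply not on the list.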
