Adsense kses.php hack (10 posts)

  1. cq
    Member
    Posted 18 years ago #

    How could I allow scripts to be run in the widget to allow adsense to display? I'm assuming that I need to add something to kses.php? If all my users are editors, does this still present a security risk if they can't edit themes? I would be setting it up for them.

  2. drmike
    Member
    Posted 18 years ago #

    It's a security risk as you would be allowing users to put in Javascripts.

    We have discussed Adsense widgets in the past. You may want to do a search for them.

    Hope this helps,
    -drmike

  3. hery
    Member
    Posted 17 years ago #

    Can you confirm putting Javascript in posts is a security risk? How would it be hacked?

    I ask because other big blog hosts like canalblog.com allow everything in posts... and they are not afraid.

    Thanks for giving more info so I know what I am risking.

  4. dizzy99
    Member
    Posted 17 years ago #

  5. quenting
    Member
    Posted 17 years ago #

    Definitely don't allow javascript.
    Look for an adsense widget; I think I've seen an existing one. It should only allow the user to enter his affiliate code / maybe colors, but definitely not the whole code.

  6. drmike
    Member
    Posted 17 years ago #

    There's a couple zillion of those widgets. :)

    The FAQ blog over at wp.com has a couple of examples linked to including the one that brought down myspace. We also had a discussion on the SPAM-L mail list recently about how javascripts can be used in a negative way.

    Well, if you count 25k interlocking splogs a bad thing. :)

  7. wpvince
    Member
    Posted 17 years ago #

    Hi drmike,
    Are you saying just don't use adsense code in MU?

  8. quenting
    Member
    Posted 17 years ago #

    No, he's saying don't let your users input javascript into their blogs.

  9. drmike
    Member
    Posted 17 years ago #

    Allowing user inputted javascript is a bad thing. That example above is an example of what occurs when you do, as well as the myspace example.

    I use an adsense widget on my own system. All the user enters is the data like his account number, the color choices, etc. It drops the info directly into a javascript itself.

  10. wpvince
    Member
    Posted 17 years ago #

    Hi drmike,
    "I use an adsense widget on my own system. All the user enters is the data like his account number, the color choices, etc. It drops the info directly into a javascript itself."

    Is this a standard widget or your own version?
    Grateful for any link(s).

    Thanks
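
The settings-only widget described in posts 5 and 9, as an added example that is not code from the thread or from any existing widget: the user supplies only an account ID, a size and colors, each checked against a strict allowlist, and the server drops them into a fixed script. The function names, option keys, the "pub-" plus 16 digits ID format and the sample values are assumptions; the `google_*` variable names and loader URL are modelled on the legacy AdSense snippet.

```php
<?php
/** Accept only settings that match strict allowlists; reject anything else. */
function validate_ad_settings(array $input): array
{
    // Publisher ID: assumed format "pub-" plus 16 digits.
    $client = $input['client'] ?? '';
    if (!is_string($client) || !preg_match('/\Apub-\d{16}\z/', $client)) {
        throw new InvalidArgumentException('invalid publisher ID');
    }
    // Ad size: chosen from a fixed list, never free-form numbers.
    $sizes = ['468x60' => [468, 60], '300x250' => [300, 250], '160x600' => [160, 600]];
    $size = $input['size'] ?? '';
    if (!is_string($size) || !isset($sizes[$size])) {
        throw new InvalidArgumentException('invalid ad size');
    }
    $clean = ['client' => $client, 'width' => $sizes[$size][0], 'height' => $sizes[$size][1]];
    // Colors: exactly six hex digits.
    foreach (['border', 'bg', 'link', 'text'] as $name) {
        $value = $input["color_$name"] ?? '';
        if (!is_string($value) || !preg_match('/\A[0-9a-fA-F]{6}\z/', $value)) {
            throw new InvalidArgumentException("invalid color_$name");
        }
        $clean["color_$name"] = strtoupper($value);
    }
    return $clean;
}

/** Build the fixed snippet; the user never supplies markup or script. */
function render_ad_widget(array $clean): string
{
    // JSON_HEX_* is defense in depth: an encoded value cannot close the script tag.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $js = '';
    foreach ($clean as $key => $value) {
        $var = strpos($key, 'color_') === 0 ? "google_$key" : "google_ad_$key";
        $js .= $var . ' = ' . json_encode($value, $flags) . ";\n";
    }
    return "<script type=\"text/javascript\">\n$js</script>\n"
        . '<script type="text/javascript" src="https://pagead2.googlesyndication.com/pagead/show_ads.js"></script>';
}

// Constructed sample settings (placeholder account ID).
$ok = ['client' => 'pub-0000000000000000', 'size' => '468x60', 'color_border' => '336699',
       'color_bg' => 'FFFFFF', 'color_link' => '0000ff', 'color_text' => '000000'];
echo render_ad_widget(validate_ad_settings($ok)), "\n";
try { // Constructed hostile value: script in a color field is rejected, not escaped.
    validate_ad_settings(['color_bg' => 'FFFFFF"; alert(1); //'] + $ok);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With this design kses.php stays untouched: the only script on the page is the one the site operator wrote.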
