how could i allow scripts to be run in the widget to allow adsense to display? i'm assuming that i need to add something to kses.php? if all my users are editors, does this still present a security risk if they can't edit themes? i would be setting it up for them.
It's a security risk as you would be allowing users to put in Javascripts.
We have discussed Adsense widgets in the past. You may want to do a search for them.
Hope this helps,
-drmike
can you confirm putting Javascript in posts is a security risk? How would be it hacked?
I asked because other big blog hosting like canalblog.com allow everything in post... and they are not afraid.
Thanks to give more info before I know what I risk to.
dizzy99
Member
Posted 17 years ago #
definitely don't allow javascript.
look for adsense widget i think i've seen an existing one. it should only allow the user to enter his affiliate code / maybe colors, but definitely not the whole code.
There's a couple zillion of those widgets. :)
The FAQ blog over at wp.com has a couple of examples linked to including the one that brought down myspace. We also had a discussion on the SPAM-L mail list recently about how javascripts can be used in a negative way.
Well, if you count 25k interlocking splogs a bad thing. :)
Hi drmike,
Are you saying just don't use adsense code in MU?
no, he's saying don't let your users input javascript into their blogs.
Allowing user inputted javascript is a bad thing. That example above is an example of what occurs when you do as well as the myspace example.
I use an adsense widget on my own system. All the user enters is the data like his account number, the color chocies, etc. It drops the info directly into a javascript itself.
Hi drmike,
""I use an adsense widget on my own system. All the user enters is the data like his account number, the color chocies, etc. It drops the info directly into a javascript itself.""
Is this a standard widget or your own version?
Grateful for any link(s).
Thanks