Opened 6 years ago

Closed 3 years ago

#7061 closed task (user disappeared)

Investigate a wordpress.COM solution

Reported by: bastik Owned by: dcf
Priority: Low Milestone:
Component: Archived/Flashproxy Version:
Severity: Normal Keywords:
Cc: adrelanos@…, griffinboyce@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

People running wordpress.org (self-hosted) instances could contribute by placing a badge on their site.

Wordpress.com bloggers, have restrictions like not being able to use JavaScript or embeds (like Flash, which is not required in this case).

However it's possible to embed something with shortcodes, youtube videos for instance.

http://en.support.wordpress.com/shortcodes/

They also provide widgets to place a calender (for example). Some of them use JavaScript.

There's a blank Widget (Text) for containing "Arbitrary text or HTML", but the iframe gets removed from it. (You also can not put JavaScript there on your own)

http://en.support.wordpress.com/topic/widgets-sidebars/

"Automattic" just have to allow this I guess.

Child Tickets

Attachments (1)

server.py (1.7 KB) - added by dcf 6 years ago.
Test server for img redirect technique.

Download all attachments as: .zip

Change History (10)

comment:1 Changed 6 years ago by dcf

Priority: normalminor

comment:3 Changed 6 years ago by bastik

Another try, asking for reaction.

http://en.forums.wordpress.com/topic/request-widget-for-anticensorship-project-flash-proxy-help-censored-people?replies=1

If that doesn't get any reply,.... well I don't know what then.

comment:4 Changed 6 years ago by proper

Cc: adrelanos@… added

I suspect not so many developres read the support forum on the service wordpress.com and it's probable a bad place to ask.

Try wordpress.org, where it's develops. Try the mailing list.

https://codex.wordpress.org/Mailing_Lists#Hackers

comment:5 in reply to:  4 Changed 6 years ago by bastik

Replying to proper:

I suspect not so many developres read the support forum on the service wordpress.com and it's probable a bad place to ask.

Try wordpress.org, where it's develops. Try the mailing list.

I wrote .com uppercase on purpose. People using Wordpress don't require any action by the developers of Wordpress.

Wordpress.com is run by "Automattic" and they host the blogs. They don't allow you to run custom JavaScript or other active content. All the wonderful plug-ins for wordpress can't be used on wordpess.com

This is the decision of "Automattic", the wordpress developers can't do anything about it.

I assume that if there's no reply I'm just closing this ticket.

comment:6 Changed 6 years ago by saint

Cc: griffinboyce@… added

With some .htaccess trickery, you can have an image that (when added as <img>) is actually an iframe [1].  This technique is frequently used by spammers to drop cookies.

It's worth testing to see if an actual bridge connection can be made before giving up on these types of hosted blogs.

[1] https://github.com/glamrock/cupcake/blob/master/img-embed/ideas.md

comment:7 in reply to:  6 Changed 6 years ago by dcf

Status: newneeds_information

Replying to saint:

With some .htaccess trickery, you can have an image that (when added as <img>) is actually an iframe [1].  This technique is frequently used by spammers to drop cookies.

It's worth testing to see if an actual bridge connection can be made before giving up on these types of hosted blogs.

[1] https://github.com/glamrock/cupcake/blob/master/img-embed/ideas.md

I am intrigued by this. Do you have any references to examples of it working? It doesn't work in my test but I might be doing something wrong.

I'm attaching a test program that opens a web server on localhost. When you browse to localhost:8080, you get served an HTML file with <img src="x.png">. Requesting /x.png gets you a 302 redirect to /x.html. I get a "broken image" icon and this message in the Chromium console:

Resource interpreted as Image but transferred with MIME type text/html: "http://localhost:8080/x.html".

If I change the Content-type of /x.html to be image/png, I don't get the console message, but still the HTML file doesn't show in the space reserved for the image.

Changed 6 years ago by dcf

Attachment: server.py added

Test server for img redirect technique.

comment:8 Changed 6 years ago by saint

Automattic (wordpress.com's parent company) has not been particularly responsive to requests from several people. My understanding is that they are curious to see how far flashproxy progresses.

Barring contact from the Tor Project directly, I doubt that this ticket will be resolved any time soon.

comment:9 Changed 3 years ago by bastik

Resolution: user disappeared
Severity: Normal
Status: needs_informationclosed

they did not care and so do I.

Note: See TracTickets for help on using tickets.