Investigate a wordpress.COM solution

[bastik]

People running wordpress.org (self-hosted) instances could contribute by placing a badge on their site.

Wordpress.com bloggers, have restrictions like not being able to use JavaScript or embeds (like Flash, which is not required in this case).

However it's possible to embed something with shortcodes, youtube videos for instance.

​http://en.support.wordpress.com/shortcodes/

They also provide widgets to place a calender (for example). Some of them use JavaScript.

There's a blank Widget (Text) for containing "Arbitrary text or HTML", but the iframe gets removed from it. (You also can not put JavaScript there on your own)

​http://en.support.wordpress.com/topic/widgets-sidebars/

"Automattic" just have to allow this I guess.

[bastik]

First contact has been made.
​http://en.forums.wordpress.com/topic/request-widget-for-anticensorship-project-flashproxy-help-censored-people?replies=1#post-1123757

[bastik]

Another try, asking for reaction.

​http://en.forums.wordpress.com/topic/request-widget-for-anticensorship-project-flash-proxy-help-censored-people?replies=1

If that doesn't get any reply,.... well I don't know what then.

[proper]

I suspect not so many developres read the support forum on the service wordpress.com and it's probable a bad place to ask.

Try wordpress.org, where it's develops. Try the mailing list.

​https://codex.wordpress.org/Mailing_Lists#Hackers

[bastik]

Replying to proper:

I suspect not so many developres read the support forum on the service wordpress.com and it's probable a bad place to ask.

Try wordpress.org, where it's develops. Try the mailing list.

I wrote .com uppercase on purpose. People using Wordpress don't require any action by the developers of Wordpress.

Wordpress.com is run by "Automattic" and they host the blogs. They don't allow you to run custom JavaScript or other active content. All the wonderful plug-ins for wordpress can't be used on wordpess.com

This is the decision of "Automattic", the wordpress developers can't do anything about it.

I assume that if there's no reply I'm just closing this ticket.

[saint]

With some .htaccess trickery, you can have an image that (when added as <img>) is actually an iframe [1].  This technique is frequently used by spammers to drop cookies.

It's worth testing to see if an actual bridge connection can be made before giving up on these types of hosted blogs.

[1] ​https://github.com/glamrock/cupcake/blob/master/img-embed/ideas.md

[dcf]

Replying to saint:

With some .htaccess trickery, you can have an image that (when added as <img>) is actually an iframe [1].  This technique is frequently used by spammers to drop cookies.

It's worth testing to see if an actual bridge connection can be made before giving up on these types of hosted blogs.

[1] ​https://github.com/glamrock/cupcake/blob/master/img-embed/ideas.md

I am intrigued by this. Do you have any references to examples of it working? It doesn't work in my test but I might be doing something wrong.

I'm attaching a test program that opens a web server on localhost. When you browse to localhost:8080, you get served an HTML file with <img src="x.png">. Requesting /x.png gets you a 302 redirect to /x.html. I get a "broken image" icon and this message in the Chromium console:

Resource interpreted as Image but transferred with MIME type text/html: "http://localhost:8080/x.html".

If I change the Content-type of /x.html to be image/png, I don't get the console message, but still the HTML file doesn't show in the space reserved for the image.

[dcf]

Test server for img redirect technique.

[saint]

Automattic (wordpress.com's parent company) has not been particularly responsive to requests from several people. My understanding is that they are curious to see how far flashproxy progresses.

Barring contact from the Tor Project directly, I doubt that this ticket will be resolved any time soon.

[bastik]

they did not care and so do I.