Jump to content

4.3 and Codepen


HeadStand

Recommended Posts

I noticed that in 4.3, Codepen was removed from \IPS\Text\Parser::_oembedServices. 

Was this intentional? And if so, can you please provide the reason? I have a client that uses codepen extensively, so if there was a valid reason for its removal, I'd like to know so that I can be aware of the "consequences" of putting it back in.

Thanks.

Link to comment
Share on other sites

That's a huge disappointment and I'd like to strongly recommend that you put it back. Codepen embeds didn't run by default anyway - the user needed to click to activate. 

It's not like having the user click a link to go to the codepen URL (instead of embedding) would somehow protect them from malicious JS in that codepen, right? So this is just kicking the can down the road (and simultaneously frustrating your customers like me and providing a worse user experience for forums users). 

Literally almost every thread in our forums has a codepen, so this decision you made has significant ramifications for us. Please reconsider. 

Link to comment
Share on other sites

On 6/4/2018 at 10:14 AM, bfarber said:

There's no reason it couldn't be done with a plugin, however we actually received a security report about the issue and had to take action. Social engineering could be used to cause harm on sites with less savvy users.

didn't realize JS was so powerful, it could alter the course of a entire culture and society ?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...