I'm wanting to post live jQuery examples in my WordPress posts, and so need to be able to include working code in the actual post itself. I've turned off the WYSIWYG editor and any settings which may mess up my code when I publish. I've also, through the exec-php plugin, been able to get PHP code working in-post, but this (admittedly old) article gave me the impression that JavaScript (and by extension, jQuery) would work without a plugin.

<script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>
<script type="text/javascript">
  $(document).ready(function(){
    $("#test").text("jimmy");
  });
</script>

<p id="test"></p>
+2  A: 

It is dangerous to allow posted code to execute JavaScript. It's a security hole known as XSS. WordPress probably defaults to stripping out JavaScript tags as a security precaution. There may be a setting you can change this behavior in.

Jeremy Wall
I think WordPress.com strips out JavaScript, but this is on a self-hosted site. Surely letting posted code run JavaScript is no more dangerous than letting it run PHP? Is it dangerous for visitors or for me?
Chris Armstrong
Because JavaScript runs on the client it can be dangerous for anyone who visits the site. It's a little different from PHP, which gets run on the server.
Jeremy Wall
Ah right, but is it any different to me putting the JavaScript in the header of the page? Is the danger there any time you run JavaScript on WordPress or just when you do it in a post?
Chris Armstrong
Putting JavaScript in the header of the page requires editing the source code. Putting JavaScript in a post just requires editing a form. One requires access to the files on the server. The other just requires user input on the site. The security concerns are related to those two differences.
Jeremy Wall
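The answer above says WordPress most likely strips script tags from posts as an XSS precaution. Here, as an added example that is not code from the question, the answer or WordPress itself, is a JavaScript allowlist filter of that kind, run over the snippet from the question (constructed here as the stored post body): both script elements are dropped together with their bodies, while the harmless `<p id="test">` survives.

```javascript
// Added example (not code from the question or from WordPress): an allowlist filter of the
// kind a CMS applies to posted HTML. Anything not explicitly allowed is dropped.
const ALLOWED_TAGS = new Set(["p", "a", "b", "i", "em", "strong", "code", "pre", "br", "ul", "ol", "li"]);
const ALLOWED_ATTRS = new Set(["href", "id", "class", "title"]);
const RAW_TEXT_TAGS = new Set(["script", "style"]); // element body is dropped along with the tag
const escapeText = (s) => s.replace(/</g, "&lt;").replace(/>/g, "&gt;");

// Keep allowlisted attributes only, so on* handlers, style and src never survive;
// href must match an allowlisted form, which defeats javascript: in any casing or encoding.
function filterAttrs(attrText) {
  const kept = [], re = /([a-zA-Z-]+)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (let m; (m = re.exec(attrText)) !== null; ) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? "";
    if (!ALLOWED_ATTRS.has(name)) continue;
    if (name === "href" && !/^(https?:\/\/|\/|#)/i.test(value)) continue;
    kept.push(` ${name}="${escapeText(value).replace(/"/g, "&quot;")}"`);
  }
  return kept.join("");
}

// Walk the markup tag by tag, rebuilding only what the allowlist permits.
function sanitizePost(html) {
  let out = "", i = 0;
  while (i < html.length) {
    const lt = html.indexOf("<", i);
    if (lt === -1) { out += escapeText(html.slice(i)); break; }
    out += escapeText(html.slice(i, lt));
    const gt = html.indexOf(">", lt);
    if (gt === -1) { out += escapeText(html.slice(lt)); break; }
    const m = /^(\/?)([a-zA-Z][a-zA-Z0-9]*)([\s\S]*?)\/?$/.exec(html.slice(lt + 1, gt));
    i = gt + 1;
    if (!m) continue; // comments, doctype and other non-elements are dropped
    const name = m[2].toLowerCase();
    if (ALLOWED_TAGS.has(name)) {
      out += m[1] ? `</${name}>` : `<${name}${filterAttrs(m[3])}>`;
    } else if (!m[1] && RAW_TEXT_TAGS.has(name)) {
      // Skip the body too, so the posted JS does not even show up as text.
      const end = html.toLowerCase().indexOf(`</${name}`, i);
      if (end === -1) break;
      const endGt = html.indexOf(">", end); i = endGt === -1 ? html.length : endGt + 1;
    }
  }
  return out;
}
// Constructed input: the question's snippet, as it would be stored in the post body.
const POSTED_SNIPPET = '<script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>\n'
  + '<script type="text/javascript">$(document).ready(function(){ $("#test").text("jimmy"); });</script>\n'
  + '<p id = "test"></p>';
console.log(sanitizePost(POSTED_SNIPPET).trim()); // <p id="test"></p>
```

WordPress's own filter for this job is wp_kses; a production site should rely on it or another maintained sanitizer rather than a hand-written tokenizer like this one.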