automattic / adbusters
A WordPress plugin that loads a set of iframe busters for popular ad networks
Home Page: http://wordpress.org/plugins/adbusters
License: GNU General Public License v3.0
Summary: On 12/21 we were notified that third-party files are potentially vulnerable to Ad XSS attacks. To resolve vulnerabilities, identified files are being removed from the Adbusters plugins.
All entries in the config should have a corresponding file in templates.
All files in templates should have a corresponding config.
For any known adbusters that we've nixed, we should serve a nice 403 page :)
It would be useful for other code to have access to the array of supported iframe busters, for example, to see if a file is supported by the plugin or not.
Should provide a method wpcom_vip_get_supported_ad_busters() (or refactor into a class).
URL is /eyewonder/interim.html. I can provide HTML if needed.
URL is /vizu/vizu-interim.html. I can provide HTML if needed.
/master/templates/pictela/Pictela_iframeproxy.html is not safe according to Randy Westergren
Reference: https://randywestergren.com/xss-vulnerabilities-in-multiple-iframe-busters-affecting-top-tier-sites/
URL is /mediaplex/mojofb_v9.html. I can provide HTML if needed.
Some sites have ads which have been configured to expect the files at a specific URL -- usually example.com/wp-content/themes/my_themes/ads/something.html, or similar.
To allow VIP sites to transition to Adbusters quickly (people don't want to/have time to reconfigure ads before the changeover), let's add a filter to the path.
Sites should have to select which adbusters they want served and any others should return a 403 error. No point in serving adbusters that a VIP doesn't want/need.
This will remove the existing undertone duplication in the plugin which is a quick hackaround to let a certain site use it.
We sometimes need crossdomain.xml support as well, for instance for Doubleclick ads. I can provide an example if needed.
Confirm current list of ad providers; make sure they are all still supported. If not, open a PR to remove them - such as:
URL is /eyeblaster/addineyeV2.html. I can provide HTML if needed.
For the future, it would be worth getting approval from all the contributors so this could be licensed under "GPLv2 or later", which is standard for plugins, and used by WP core.
As noted at https://www.gnu.org/licenses/license-list.en.html:
Please note that GPLv3 is not compatible with GPLv2 by itself. However, most software released under GPLv2 allows you to use the terms of later versions of the GPL as well. When this is the case, you can use the code under GPLv3 to make the desired combination.
My understanding of what this means is that if someone is running a plugin that only has GPLv2, they can't then use this GPLv3 in the same site. By switching licenses, we provide as much leeway for sites to use this with other plugins.
Hello!
I work for GumGum and we love that you included our iframe buster file in your plugin, thanks for that!
I do have some questions for you:
Thanks for your time and answers.