New Blog Comment System Goes Live

2021-10-20 life blog web

Why not Valine?

I have used Valine for my blog’s comments for a long time. It is based on LeanCloud and provides a good theme style. Recently, my blog came under a Valine XSS attack. The exploit (EXP) is:

"link": "\" /></span><img src='none' onerror='setInterval(function(){alert()},10);'/>",

For more information, please visit the attacker’s blog.

I received my email reminder two minutes after the attack and cleaned all malicious comments immediately. Since Valine seems to be out of maintenance, I took this module offline. After that, I tried my best to find an alternative comment system.
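
The payload above works when a comment's link value is written into HTML without escaping: the leading `"` closes the attribute and the rest is parsed as new markup. As an added example (not Valine's code and not from the original post), the JavaScript below contrasts a hypothetical renderer that interpolates the field raw with one that accepts only http(s) URLs and escapes its output; the function names and the `<span class="nick">` markup are assumptions.

```javascript
// Added example: hypothetical comment renderer, not Valine's actual code.
// The "link" value quoted in the post, as it would look after JSON decoding.
const PAYLOAD =
  "\" /></span><img src='none' onerror='setInterval(function(){alert()},10);'/>";

// Escape every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;",
                '"': "&quot;", "'": "&#39;", "`": "&#96;" };
  return String(value).replace(/[&<>"'`]/g, (c) => map[c]);
}

// Accept only absolute http(s) URLs; everything else is rejected as null.
// This also blocks javascript: and data: links, which need no quote breakout.
function safeLink(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let url;
  try {
    url = new URL(raw.trim()); // throws on anything that is not an absolute URL
  } catch {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url.href; // normalized form, with quotes and angle brackets percent-encoded
}

// Vulnerable pattern: stored fields are concatenated straight into markup.
function renderNickUnsafe(comment) {
  return `<span class="nick"><a href="${comment.link}">${comment.nick}</a></span>`;
}

// Hardened pattern: validate the URL, then escape on output anyway.
function renderNickSafe(comment) {
  const nick = escapeHtml(comment.nick);
  const link = safeLink(comment.link);
  if (link === null) return `<span class="nick">${nick}</span>`;
  return `<span class="nick"><a href="${escapeHtml(link)}" ` +
         `rel="nofollow noopener ugc">${nick}</a></span>`;
}

console.log(renderNickUnsafe({ nick: "guest", link: PAYLOAD })); // injected <img> survives
console.log(renderNickSafe({ nick: "guest", link: PAYLOAD }));   // link dropped entirely
```

Validation has to run wherever comments are turned into HTML, because a stored comment can be written directly through the backend API and never pass through the submission form.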

Why not Gitment?

Gitment is another comment system based on GitHub’s Issues API. However, this application asks for read and write permissions on all my public and private repositories. It worries me a lot. Besides, both the app ID and the app secret are in plaintext on all my blog pages. I doubt its safety.

Now, I am using Giscus

Giscus is a good-looking new comment system I found recently. It is a GitHub application and uses the GitHub Discussions API. In terms of permissions, it asks for discussion permissions on only one particular repo. Visitors need to log in to their GitHub account to leave a comment. It is pretty easy to load Giscus, and I think I might try it for a while.

FYI, Giscus’s homepage is here.

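I reserve the right to deploy causality weapons against infringers and their entire families.

Copyright notice

Unless otherwise stated, all articles on this site are my own original work. If you repost, be sure to include the link to the original: https://www.elliot98.top/post/life/%E5%85%A8%E6%96%B0%E5%8D%9A%E5%AE%A2%E8%AF%84%E8%AE%BA%E7%B3%BB%E7%BB%9F%E4%B8%8A%E7%BA%BF/

For anything else, please contact me by email! All rights reserved; violations will be pursued!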