Why not Valine?
I have used Valine for my blog’s comments for a long time. It is based on Leancloud and provides a good theme style.
Recently, my blog came under a Valine XSS attack.
The EXP is:
"link": "\" /></span><img src='none' onerror='setInterval(function(){alert()},10);'/>",
For more information, please visit the attacker’s blog.
I received my email reminder two minutes after the attack and cleaned all malicious comments immediately.
Since Valine seems to be out of maintenance, I took this module offline. After that, I tried my best to find an alternative comment system.
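The payload quoted above opens with `" /></span>`, which closes a quoted attribute, its tag and an enclosing span before injecting an `img` element. As an added example (not Valine's code and not from this post), here is one way to validate and render a comment's `link` field and to sweep stored comments for bad values; the function names and sample records are assumptions constructed for illustration.

```javascript
// Added example: escapeHtml, safeLink, renderAuthor and findSuspectComments are hypothetical names.

// Escape the characters that matter in HTML text and quoted attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Return a normalized http(s) URL, or null if the value is anything else.
function safeLink(raw) {
  if (typeof raw !== 'string' || raw.length > 2048) return null;
  const trimmed = raw.trim();
  // Reject markup, quotes, whitespace and control characters outright.
  if (/[<>"'`\s\u0000-\u001f]/.test(trimmed)) return null;
  let url;
  try { url = new URL(trimmed); } catch { return null; }
  // Allowlist of schemes: everything except http and https is refused.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href;
}

// Render the commenter's name; link it only when the link field is clean.
function renderAuthor(comment) {
  const nick = escapeHtml(comment.nick || 'Anonymous');
  const href = safeLink(comment.link);
  if (href === null) return `<span class="nick">${nick}</span>`;
  return `<a class="nick" href="${escapeHtml(href)}" rel="nofollow noopener ugc">${nick}</a>`;
}

// Sweep stored comments and return ids whose non-empty link fails validation.
function findSuspectComments(comments) {
  return comments
    .filter((c) => c.link != null && c.link !== '' && safeLink(c.link) === null)
    .map((c) => c.id);
}

// Constructed sample records; the link of c2 is the payload quoted above.
const sampleComments = [
  { id: 'c1', nick: 'alice', link: 'https://example.org/blog' },
  { id: 'c2', nick: 'mallory',
    link: "\" /></span><img src='none' onerror='setInterval(function(){alert()},10);'/>" },
  { id: 'c3', nick: 'bob', link: 'javascript:void(0)' },
  { id: 'c4', nick: '<b>eve</b>', link: '' },
];

console.log(findSuspectComments(sampleComments));
```

Validation is applied both when rendering and when sweeping, so records stored before the check existed are still caught.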
Why not Gitment?
Gitment is another comment system based on GitHub’s Issues APIs. However, this application asks for the read and write permissions of all my public and private repositories. It worries me a lot. Besides, both the app id and app secret are in plaintext on all my blog pages. I doubt its safety.
Now, I am using Giscus
Giscus is a new comment system I have found recently with a good look. It is a GitHub application and uses the GitHub discussion APIs.
In terms of permissions, it asks for discussion permissions of only one particular repo. Visitors need to log in to their GitHub account to leave a comment.
It is pretty easy to load Giscus, and I think I might try it for a while.
FYI, Giscus’s homepage is here.
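I reserve the right to launch causality weapons against infringers and their entire families.
Copyright notice
Unless otherwise stated, all articles on this site are my original work. When reposting, be sure to include a link to the original: https://www.elliot98.top/post/life/%E5%85%A8%E6%96%B0%E5%8D%9A%E5%AE%A2%E8%AF%84%E8%AE%BA%E7%B3%BB%E7%BB%9F%E4%B8%8A%E7%BA%BF/.
For anything else, please contact me by email! All rights reserved; violators will be held liable!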