stefanboonstra

WordPress Slideshow - Version 2.2.0 Beta

The 2.2.0 Beta version has now officially been released and is available for download on WordPress.org.

Thank you to everyone who participated in testing the Beta version of the plugin!

WordPress Slideshow - HTML in slides (Version 2.1.16)

Have you missed using HTML in your slides? Suffer no more!

After the security exploit was discovered in version 2.1.14, an immediate fix was required to protect the slideshow's users against all sorts of XSS attacks. The quick fix was, of course, to block all HTML and JavaScript so that hackers could not steal precious cookies. A very effective, but not so elegant, solution.

With the slideshow's users provided with a security update that blocked all HTML, a little time became available to cook up a way for users to still use HTML in their slides while staying safe against XSS attacks.

"How does this affect the way I use HTML in my slides?" If you're used to writing correct HTML code, it shouldn't be anything you really have to mind. The biggest difference is that not all tags are supported anymore. For instance, you can no longer use any kind of JavaScript in your slides.

The following tags are still allowed:

  • b
  • br
  • div
  • h1
  • h2
  • h3
  • h4
  • h5
  • h6
  • i
  • li
  • ol
  • p
  • span
  • strong
  • sub
  • sup
  • table
  • tbody
  • td
  • tfoot
  • th
  • thead
  • tr
  • ul

For all tags but the '<br />' tag, the following attributes are allowed:

  • class
  • id
  • style

Opening and closing the element tags is pretty straightforward, but attributes are a bit stricter. For instance:

<div class="class"> This is correct.

<div class= "class"> This is incorrect: note the space between 'class=' and the quotation mark.
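The allowlist above expressed as a parser-based sanitizer, as an added example in Python rather than the plugin's own PHP code. `SlideSanitizer` and `sanitize_slide` are hypothetical names, and dropping disallowed tags while keeping their text is an assumption; the post does not say how the plugin treats them.

```python
from html import escape
from html.parser import HTMLParser

# Tag and attribute allowlists copied from the post above.
ALLOWED_TAGS = {
    "b", "br", "div", "h1", "h2", "h3", "h4", "h5", "h6", "i", "li", "ol",
    "p", "span", "strong", "sub", "sup", "table", "tbody", "td", "tfoot",
    "th", "thead", "tr", "ul",
}
ALLOWED_ATTRS = {"class", "id", "style"}  # for every tag except <br />


class SlideSanitizer(HTMLParser):
    """Rebuilds slide HTML from parser events, emitting only allowlisted parts."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        # The parser lowercases tag and attribute names before this is called.
        if tag not in ALLOWED_TAGS:
            return  # assumption: the tag is dropped, its inner text is kept
        if tag == "br":
            self.out.append("<br />")  # <br /> carries no attributes
            return
        kept = "".join(
            f' {name}="{escape(value or "", quote=True)}"'
            for name, value in attrs
            if name in ALLOWED_ATTRS
        )
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text, including the body of a dropped <script>, is emitted escaped.
        self.out.append(escape(data, quote=False))


def sanitize_slide(html_text):
    """Return html_text reduced to the allowlisted tags and attributes."""
    parser = SlideSanitizer()
    parser.feed(html_text)
    parser.close()  # flush any text still buffered by the parser
    return "".join(parser.out)
```

Values of `class`, `id` and `style` are escaped on output but not otherwise checked, so any restriction on what a `style` value may contain would be a separate step.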

If you have a question or suggestion on using HTML in your slideshow, please feel free to leave a post on the WordPress forum and I'll get back to you as soon as possible.

WordPress Slideshow - Security issues resolved

You may have noticed that from yesterday right up to the moment I'm writing this post, the plugin has been inactive on WordPress.org.

WordPress' discovery of a security issue in the slideshow plugin meant that the plugin had to be taken down until a fix for the exploit had been made available. This is, of course, to protect the users from having their visitors' and their own data safety compromised.

Fear not. The security exploit has been resolved and the plugin has been fully restored on WordPress.org, meaning you and your visitors can safely use the slideshow plugin again once you've upgraded to version 2.1.15.

"Were any compromises made?" Unfortunately, yes. For the next couple of days it will not be possible to use HTML in your text slides, since it is an open door for hackers. The next release (version 2.1.16) will allow use of some HTML tags in your slides again.
