Topic: Alternative to Wordpress, Bludit ?


Offline gameblabla

Alternative to Wordpress, Bludit ?
« on: May 01, 2017, 07:30:41 pm »
I'm looking for something like Wordpress or Bludit that plays nice with restrictive Content Security Policy rules.
That is :
  • No unsafe-inlining
  • No eval
  • No links to other websites (other than my own)

Unfortunately, no alternatives I found (except maybe Jekyll) play nice with restrictive CSP rules.
I was using a patched out Nibbleblog for CSP, except that one day it broke X_X.
Plus, it was still not playing very nice before it broke.

I thought Bludit would fare better but it grew much more complex than its older brother Nibbleblog and as a result,
I can't easily patch it for unsafe-inlining.
And I had to patch uikit because it was using eval x_x

Ghost also didn't play very nice with CSP but I wonder if that has changed... I should try it again.
As for Wordpress.... LOL, let's not even talk about it again, it's the worst example as far as CSP goes.

I had considered Jekyll but I was never able to install it properly with Gem. And there's no PPA or Debian repo for a more recent version...

What alternative do I have ?



Online Juju

Re: Alternative to Wordpress, Bludit ?
« Reply #1 on: May 01, 2017, 07:52:08 pm »
Let's see, at my job so far I used a heavily customized version of Kohana (now Koseven) and FuelPHP, both are PHP MVC frameworks. I imagine it's not hard to make sure CSP works, whatever that is, and to make some sort of blogging with that.

Offline gameblabla

Re: Alternative to Wordpress, Bludit ?
« Reply #2 on: May 01, 2017, 10:18:39 pm »
Quote from Juju:
> Let's see, at my job so far I used a heavily customized version of Kohana (now Koseven) and FuelPHP, both are PHP MVC frameworks. I imagine it's not hard to make sure CSP works, whatever that is, and to make some sort of blogging with that.

There are just a bunch of frameworks, you would still need to do the dirty job.
That is not quite what I'm looking for... I don't want to reinvent the wheel again :sigh:

CSP, or Content Security Policy, is a standard designed to counter injection attacks, cross-site scripting etc...
One of the reasons I want to fully implement it is because Mozilla's Observatory gives you a better score based on your CSP's settings.
Anyway, here's how it is implemented (via .htaccess) on mah website :
Code:
    # Response headers (mod_headers)
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "DENY"
    # 'unsafe-inline' stays in script-src: Bludit's text editor and image uploader break without it
    Header always set Content-Security-Policy "default-src 'none' ; base-uri 'none'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'; img-src 'self'; style-src 'self';"
    Header always set X-Xss-Protection "1; mode=block"
    Header always set Referrer-Policy "no-referrer"
    # HSTS, sent only when the HTTPS environment variable is set
    <IfModule mod_headers.c>
    Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" env=HTTPS
    </IfModule>

    # Disable ETags
    Header unset ETag
    FileETag None

    # Redirect plain-HTTP requests to the same host and path over HTTPS
    RewriteEngine On
    RewriteCond %{HTTPS} !^on$
    RewriteCond %{HTTP_HOST} ^(.*)$ [NC]
    RewriteRule ^.*$ https://%1%{REQUEST_URI} [L,R=301]

However, you can notice that I had to enable unsafe-inlining because otherwise, this would break the text editor & image uploader in Bludit.
I will take another look at Jekyll however (this time from repository), I'll tell you if this fits my bill.
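
A small auditor for the three rules from the first post (no unsafe-inline, no eval, no third-party sources), run against the policy posted above. This is an added example, not part of the original thread; the function names and the `own_hosts` parameter are assumptions, and only fetch directives that fall back directly to `default-src` are checked.

```python
# Added example: audit a CSP string against the three rules in the first post
# (no 'unsafe-inline', no eval, no third-party sources). Names are illustrative.

# Policy copied from the .htaccess in the post above.
POLICY = ("default-src 'none' ; base-uri 'none'; frame-ancestors 'none'; "
          "script-src 'self' 'unsafe-inline'; object-src 'none'; "
          "connect-src 'self'; img-src 'self'; style-src 'self';")

# Fetch directives that fall back directly to default-src when absent (subset).
FETCH = ("script-src", "style-src", "img-src", "connect-src",
         "font-src", "media-src", "object-src", "manifest-src")

def parse_csp(policy):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def audit(policy, own_hosts=()):
    """List every fetch directive that breaks one of the three rules."""
    d = parse_csp(policy)
    findings = []
    for name in FETCH:
        sources = d.get(name, d.get("default-src"))
        if sources is None:
            findings.append(f"{name}: unrestricted (no default-src fallback)")
            continue
        for src in sources:
            s = src.lower()
            if s in ("'unsafe-inline'", "'unsafe-eval'"):
                findings.append(f"{name}: {s}")
            elif not s.startswith("'") and s not in own_hosts:
                # Hosts, schemes (https:, data:) and * all admit content from elsewhere.
                findings.append(f"{name}: third-party source {src}")
    return findings

if __name__ == "__main__":
    for finding in audit(POLICY):
        print(finding)
    print(audit(POLICY.replace(" 'unsafe-inline'", "")))  # policy with inline scripts removed
```

The check is deliberately strict: it reports 'unsafe-inline' even when a nonce or hash source is also present in the same directive.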

Offline gameblabla

Re: Alternative to Wordpress, Bludit ?
« Reply #3 on: May 02, 2017, 08:24:25 am »
Okay, so I installed Jekyll from the repository and it's actually pretty cool !
It's completely static and as a result it's pretty fast, the markup language isn't too complex and my posts, believe it or not,
look nicer and less glitchy than they did with Bludit/Nibbleblog.
Since it's also static, it also does not suffer from MySQL injection attacks.

Take a look here :
https://blog.gameblabla.nl/

And guess who's the best at Mozilla's Observatory ? :D
https://observatory.mozilla.org/analyze.html?host=blog.gameblabla.nl

Straight A's my dear comrades !
Codewalr.us in comparison gets an F lol

@Streetwalrus, look at dis
https://observatory.mozilla.org/analyze.html?host=codewalr.us

Offline Streetwalrus

Re: Alternative to Wordpress, Bludit ?
« Reply #4 on: May 02, 2017, 10:32:00 am »
Thanks for that, I'll take a look.