
Extends collective.portlet.embed preventing the load of resource from external sites


PloneGov-IT/rer.consentembed


Extends collective.portlet.embed, changing the portlet's behavior: if an opt-out cookie (or a DNT header) is present and the portlet would render external resources, the portlet is not rendered.

How it works

Simply adding this add-on to your buildout changes all collective.portlet.embed instances as follows: if...

  • a cookie named embed-optout is present with value true, or
  • the DNT (Do Not Track) header is set

...the portlet content is parsed looking for potentially malicious content. If content that loads external sites is found, the portlet will not be rendered.

URLs in the same subdomain (aaa.bar.com loading from bbb.bar.com) are permitted and HTTP ports are ignored.

Limitations

There are many ways to bypass the security check.

A malicious portlet creator can always (for example) put JavaScript in the portlet that creates an iframe loading external content, and the security check will not be able to find it.
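A sketch of the check described above, added here as an example and not the add-on's own code: the function names, the tag and attribute sets, the plain-dict cookies and headers, and the two-label "same subdomain" comparison are all assumptions. The last sample shows the limitation just noted: a script that builds its iframe at runtime carries no URL attribute for a static parse to find.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed sets for this sketch; the add-on's real list of tags/attributes may differ.
LOADING_TAGS = {"script", "iframe", "img", "embed", "object", "link", "video", "audio", "source"}
URL_ATTRS = {"src", "data", "href"}

def parent_domain(host):
    # Naive "same subdomain" key: the last two labels (aaa.bar.com -> bar.com).
    # Wrong for suffixes such as co.uk; a public suffix list would be needed there.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class ExternalFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site = parent_domain(site_host)
        self.external = []

    def handle_starttag(self, tag, attrs):
        if tag not in LOADING_TAGS:
            return
        for name, value in attrs:
            if name in URL_ATTRS and value:
                try:
                    host = urlsplit(value.strip()).hostname  # .hostname drops the port
                except ValueError:  # unparsable URL: fail closed, count it as external
                    host = "invalid"
                if host and parent_domain(host) != self.site:
                    self.external.append(value)

def external_resources(portlet_html, site_host):
    finder = ExternalFinder(site_host)
    finder.feed(portlet_html)
    finder.close()
    return finder.external

def should_render(portlet_html, site_host, cookies, headers):
    # Opt-out signals from the README; treating DNT "1" as "set" is an assumption.
    opted_out = cookies.get("embed-optout") == "true" or headers.get("DNT") == "1"
    return not (opted_out and external_resources(portlet_html, site_host))

# Constructed sample portlet bodies (not taken from the project).
SAME_SITE = '<img src="http://bbb.bar.com:8080/logo.png">'
EXTERNAL = '<iframe src="//video.example.net/embed/1"></iframe>'
SCRIPTED = '<script>var f = document.createElement("iframe"); f.src = "https://video.example.net/embed/1"; document.body.appendChild(f);</script>'
```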

Credits

Developed with the support of Regione Emilia Romagna; Regione Emilia Romagna supports the PloneGov initiative.

Authors

This product was developed by the RedTurtle Technology team.

RedTurtle Technology Site
