• Resolved darkmoonxarx

    (@darkmoonxarx)


    How about adding a field to put scripts into where you set up the different cookie types? This way we could put GA and facebook pixel script code with a cookie type named “tracking” and it could be enabled and disabled by the GDPR plugin depending on the user’s choice.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Fernando Claussen

    (@fclaussen)

    I thought about this but this is a pretty big security issue. I can’t do it if that means opening a door to potentially breaking someone’s site and/or losing their data.

    Thread Starter darkmoonxarx

    (@darkmoonxarx)

    Yeah makes sense, but it would make things sooo much easier (instead of me breaking my site with incorrect wrapper functions… Honestly, working in the functions.php feels more dangerous to me x) )
    There is a plugin called “GDPR tools” that works like this. Maybe it can give you some ideas.

    • This reply was modified 6 years, 11 months ago by darkmoonxarx.
    Plugin Author Fernando Claussen

    (@fclaussen)

    Hi @darkmoonxarx

    I just downloaded this plugin and reviewed its code base.

    Trew Knowledge being a WordPress VIP partner, we are always focusing on security.
    From what I’ve seen, there is no sanitization of any kind happening there, so I can easily add malicious code there.

    Searching 51 files for "sanitize_"
    
    0 matches

    This really isn’t a safe viable option.

    More resources: https://vip.wordpress.com/documentation/code-review-what-we-look-for/#arbitrary-javascript-and-css-stored-in-options-or-meta
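
One way to get the convenience requested in this thread without storing arbitrary JavaScript in an option, shown as an added example that is not part of the original posts and is not the plugin's own code: the settings field accepts only a tracker ID, the ID is validated against a strict pattern on save and again on output, and the script tag is built from a fixed template only when the visitor has allowed the "tracking" cookie type. All `example_*` names, the option name and the consent cookie format are assumptions; only Google Analytics is covered.

```php
<?php
// Added example; every example_* name, the option name and the cookie name are hypothetical.

// Accept only a Google Analytics ID (GA4 "G-..." or Universal Analytics "UA-...").
// \A and \z anchor the whole string, so a trailing newline or appended markup is rejected.
const EXAMPLE_GA_ID_PATTERN = '/\A(?:G-[A-Z0-9]{4,20}|UA-\d{4,10}-\d{1,4})\z/';

// Sanitize callback: anything that is not a well-formed ID is dropped, never stored.
function example_sanitize_tracker_ids( $input ) {
    $clean = array();
    if ( is_array( $input ) && isset( $input['google_analytics'] ) && is_string( $input['google_analytics'] ) ) {
        $value = trim( $input['google_analytics'] );
        if ( preg_match( EXAMPLE_GA_ID_PATTERN, $value ) ) {
            $clean['google_analytics'] = $value;
        }
    }
    return $clean;
}

add_action( 'admin_init', function () {
    register_setting( 'example_gdpr', 'example_tracker_ids', array(
        'type'              => 'array',
        'sanitize_callback' => 'example_sanitize_tracker_ids',
    ) );
} );

// Assumption: the consent plugin records allowed cookie types as a JSON list in this cookie.
function example_visitor_allows( $type ) {
    $raw     = isset( $_COOKIE['example_allowed_types'] ) ? wp_unslash( $_COOKIE['example_allowed_types'] ) : '[]';
    $allowed = json_decode( $raw, true );
    return is_array( $allowed ) && in_array( $type, $allowed, true );
}

add_action( 'wp_head', function () {
    // Validate again on output in case the stored option was changed outside the settings form.
    $ids = example_sanitize_tracker_ids( get_option( 'example_tracker_ids', array() ) );
    if ( ! isset( $ids['google_analytics'] ) || ! example_visitor_allows( 'tracking' ) ) {
        return;
    }
    $id = $ids['google_analytics'];
    // The markup is a fixed template; the only variable part is the validated, escaped ID.
    printf( '<script async src="%s"></script>' . "\n", esc_url( 'https://www.googletagmanager.com/gtag/js?id=' . rawurlencode( $id ) ) );
    printf( "<script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}gtag('js',new Date());gtag('config',%s);</script>\n", wp_json_encode( $id ) );
} );
```
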

    Thread Starter darkmoonxarx

    (@darkmoonxarx)

    Interesting. Thanks for the insight. Well, your plugin looks and feels really professional and it’s great to know that your work has high standards under the hood as well.
    If making a secure version of this option takes a lot of effort you should really consider charging for a PRO version, so you can give it the attention it deserves. I would definitely pay for a high quality easy to use GDPR solution.

    Plugin Author Fernando Claussen

    (@fclaussen)

    Hi @darkmoonxarx,

    Thanks again for your kind words. It means a lot.

  • The topic ‘Suggestion: Field for JS Code to be loaded on cookie consent’ is closed to new replies.