This protects the user from attacks where a page contains malicious code that would attempt to access another site that the user is currently logged in to and do things as that user that the user most likely wouldn’t want to do, for instance, use Facebook or Gmail to spam other users.
Thankfully, browsers often provide a way to allow developers to turn off Same Origin Policy temporarily. Unfortunately, different browsers do it different ways.
I’ve just released a plugin for WordPress, wp-nutrition-label. It provides a WordPress shortcode which generates an HTML FDA-style nutrition label. For instance,
Nutrition FactsServing Size 1/2 cupServings 2Amount Per ServingCalories 87Calories from Fat 27
% Daily Value*
Total Fat 3g4%Saturated Fat 1g5%Trans Fat 0gCholesterol 0mg0%Sodium 250mg10%Total Carbohydrate 10g3%Dietary Fiber 0g0%Sugars 0gProtein 5g10%* Percent Daily Values are based on a 2,000 calorie diet. Your daily values may be higher or lower depending on your calorie needs.wp-nutrition-label
The label is styled to scale but doesn’t yet scale well. Some elements of it work well but the “Nutrition Facts” text sometimes scales poorly. I’m looking at ways to improve the way that the label scales.
I’m also working on adding more nutrients (vitamins and minerals) to the label but haven’t quite decided on how to do it yet.
This is the first piece of software I have publicly released in a very long time. It’s quite likely the first piece of GPL’d software I’ve ever written – most of the software that I have publicly released (MIT’s PC/IP, in particular) was written pre-GPL. It’s ironic that it’s written in PHP, one of the my least favorite programming languages ever, though as much as I dislike PHP I have a great deal of respect for WordPress.
WordPress offers a handy mechanism called a “shortcode”, which is a kind of macro. Shortcodes are supplied by WordPress itself and by plugins that extend WordPress’ functionality.
You use a shortcode by simply writing it in your post or page enclosed in square brackets, ie:
When you’re writing a post about a shortcode in a plugin you’ve written and are using in your web site, you’ll run into a problem where you will want to show examples of the use of the shortcode, but the examples trigger it.
You can quote the shortcode by doubling up on the opening and closing square brackets, ie:
I didn’t know this and didn’t need it until recently and was agonizing about it until I found how to do it.
For a while I’ve been advising people who need simple web sites to use WordPress. Not just people who want to blog, but people who need a very simple site with just a few pages. The reason I’ve been suggesting they use WordPress is that it’s easy to update pages (WordPress has a built-in WYSIWYG editor and automatic menu building), simple to extend and change the appearance of, and easy to maintain. Because you can keep drafts of your work in WordPress itself and it runs on the server, it also doesn’t matter where you work on it from, so you don’t have to worry about business computer versus home computer.
A downside is the prominent security issues WordPress has had of late (though the folks behind WordPress are prompt in fixing issues and clear about letting people know they need updated software). I want to be clear that I am in no way suggesting being lax about installing security updates, but it is true that a WordPress install that’s basically read-only – no user commenting and no remote posting enabled – is much less likely to suffer a break-in than a common blog would be.
I haven’t touched my web site in years. I started a blog at romkey.com and until now hadn’t posted to that in almost a year.
My site consisted of several poorly laid out pages that were quite out of date, written using Perl’s HTML::Mason package. I quite like HTML::Mason but it was overkill for what I was doing, and I’d like to get mod_perl out of my web server.
So I’m going to eat my own dog food and move my site to WordPress. In fact, I’ve just remapped things so that the blog is now the site, and I’ve switched to using WordPress 3’s standard theme, TwentyTen, with some tweaks. Because I’m also trying to get over not-invented here syndrome. (If you subscribed to the blog at the old address you don’t need to change anything; it should just keept working.)
I’ll move over pages from the old site as I have time to rewrite and update them.