Navigation

    Voting Theory Forum

    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Codepens

    Request for Features
    3
    16
    734
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Marylander
      Marylander last edited by Marylander

      This is less of a request and more of an effort to reopen discussion on an interesting idea that sort of wound up forgotten for various reasons that I won't go into here.

      In the early days of planning this forum, @rob advocated for incorporating Codepens into the forum. (Archive link: http://www.votingtheory.org:3000/archive/posts?where={"topic_id"%3A734} ) He argued that it would be useful for users to be able to copy example elections that forum users came up with into codepens so that they can figure out what is going on in the example without having to do a lot of computations by hand. This seems like quite a good thing!

      However, allowing users to embed codepen plugins into their posts seems like a possible security concern. Obviously it's unsafe to let people run arbitrary javascript on the site, even if the codepens require user permission before they can run. I don't know much about javascript or codepens so there may well be some obvious detail I'm missing.

      What could safely be done with codepens on the site?

      Score Sorted Margins[100]; STAR[90]; Score[81]; Approval[59]; IRV[18]; FPTP[0]

      rob J 2 Replies Last reply Reply Quote 0
      • rob
        rob Banned @Marylander last edited by

        @Marylander Codepens aren't running arbitrary JS on the actual site, they are running it in an iframe that is embedded into the site and can't communicate with the JS runtime within the site.

        If they allowed people to, for instance, steal your login credentials (e.g.. read your document.cookie and then post it to a random URL), Codepen would have never even considered making them run embedded in forums. I can assure you they carefully considered the security implications and architected it in a way that prevents such things..

        1 Reply Last reply Reply Quote 1
        • J
          Jack Waugh last edited by

          So, using the iframe technique, the burden of learning enough about NodeBB to be able to build a plugin to allow them to be embedded in posts could be relatively light.

          Whoever wants to give it a try should send me their public key for SSH.

          Approval-ordered Llull (letter grades) [10], Score // Llull [9], Score, STAR, Approval, other rated Condorcet [8]; equal-ranked Condorcet [4]; strictly-ranked Condorcet [3]; everything else [0].

          rob 1 Reply Last reply Reply Quote 0
          • rob
            rob Banned @Jack Waugh last edited by

            @Jack-Waugh Nobody needs to build a plug in, it already exists. You just need to install it. https://www.npmjs.com/package/nodebb-plugin-codepen

            J 2 Replies Last reply Reply Quote 0
            • J
              Jack Waugh @rob last edited by

              @rob

              theory@votingtheory:~/nodebb$ npm install nodebb-plugin-codepen
              
              > husky@4.2.5 install /home/theory/nodebb/node_modules/husky
              > node husky install
              
              husky > Setting up git hooks
              husky > Done
              
              > core-js@2.6.12 postinstall /home/theory/nodebb/node_modules/core-js
              > node -e "try{require('./postinstall')}catch(e){}"
              
              Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!
              
              The project needs your help! Please consider supporting of core-js on Open Collective or Patreon: 
              > https://opencollective.com/core-js 
              > https://www.patreon.com/zloirock 
              
              Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)
              
              
              > nodemailer@6.4.5 postinstall /home/theory/nodebb/node_modules/smtp-server/node_modules/nodemailer
              > node -e "try{require('./postinstall')}catch(e){}"
              
              === Nodemailer 6.4.5 ===
              
              Thank you for using Nodemailer for your email sending needs! While Nodemailer
              itself is mostly meant to be a SMTP client there are other related projects in
              the Nodemailer project as well.
              
              For example:
              > IMAP API (  https://imapapi.com  ) is a server application to easily access
              IMAP accounts via REST API
              > NodemailerApp (  https://nodemailer.com/app/  ) is a cross platform GUI app to
              debug emails
              
              
              > husky@4.2.5 postinstall /home/theory/nodebb/node_modules/husky
              > opencollective-postinstall || exit 0
              
              Thank you for using husky!
              If you rely on this package, please consider supporting our open collective:
              > https://opencollective.com/husky/donate
              
              npm WARN nodebb-plugin-emoji-android@2.0.0 requires a peer of nodebb-plugin-emoji@^2.0.0 but none is installed. You must install peer dependencies yourself.
              npm WARN textcomplete.contenteditable@0.1.1 requires a peer of textcomplete@^0.14.2 but none is installed. You must install peer dependencies yourself.
              npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/fsevents):
              npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
              
              + nodebb-plugin-codepen@0.2.0
              added 650 packages from 338 contributors and audited 1363 packages in 37.461s
              
              77 packages are looking for funding
                run `npm fund` for details
              
              found 118 vulnerabilities (11 low, 20 moderate, 83 high, 4 critical)
                run `npm audit fix` to fix them, or `npm audit` for details
              

              Approval-ordered Llull (letter grades) [10], Score // Llull [9], Score, STAR, Approval, other rated Condorcet [8]; equal-ranked Condorcet [4]; strictly-ranked Condorcet [3]; everything else [0].

              1 Reply Last reply Reply Quote 0
              • J
                Jack Waugh @rob last edited by

                @rob
                codepen activated

                Approval-ordered Llull (letter grades) [10], Score // Llull [9], Score, STAR, Approval, other rated Condorcet [8]; equal-ranked Condorcet [4]; strictly-ranked Condorcet [3]; everything else [0].

                rob 1 Reply Last reply Reply Quote 0
                • rob
                  rob Banned @Jack Waugh last edited by rob

                  @Jack-Waugh
                  So it is installed? Do I just do this?

                  https://codepen.io/karmatics/pen/eYJxXge

                  (apparently not.... are you sure it is running?)

                  J 2 Replies Last reply Reply Quote 0
                  • J
                    Jack Waugh @rob last edited by

                    @rob, the admin page that lists the plugins says it is activated. However, when I did the "npm install" (prior), I received several warnings. I posted those. I don't know whether any of those are keeping it from working.

                    Maybe I should take the latest NodeBB.

                    Approval-ordered Llull (letter grades) [10], Score // Llull [9], Score, STAR, Approval, other rated Condorcet [8]; equal-ranked Condorcet [4]; strictly-ranked Condorcet [3]; everything else [0].

                    1 Reply Last reply Reply Quote 0
                    • J
                      Jack Waugh @Marylander last edited by

                      @rob, I told the add-on to install itself, and it says it is installed, but evidently it does not actually work. Do you have a suggestion on what I should do next?

                      Approval-ordered Llull (letter grades) [10], Score // Llull [9], Score, STAR, Approval, other rated Condorcet [8]; equal-ranked Condorcet [4]; strictly-ranked Condorcet [3]; everything else [0].

                      1 Reply Last reply Reply Quote 0
                      • rob
                        rob Banned last edited by

                        I would go to the NodeBB forums. If you want me to do this, I can, but since you are the one who can respond and do what they say to do, it might be easier for you to do it.

                        We'd also like to have embeddable YouTube videos, which last I checked didn't work.

                        J 1 Reply Last reply Reply Quote 0
                        • J
                          Jack Waugh @rob last edited by

                          @rob, I predict that their first answer will be "update to the latest."

                          Approval-ordered Llull (letter grades) [10], Score // Llull [9], Score, STAR, Approval, other rated Condorcet [8]; equal-ranked Condorcet [4]; strictly-ranked Condorcet [3]; everything else [0].

                          1 Reply Last reply Reply Quote 0
                          • rob
                            rob Banned last edited by

                            Possibly. It would be interesting to see if the plug in is actively supported.

                            J 1 Reply Last reply Reply Quote 0
                            • J
                              Jack Waugh @rob last edited by Jack Waugh

                              @rob So you still think that the next step is to go ask.

                              Here is, I think, the best procedure for an upgrade. Wait until some time that is between 3am and 6am, New York time. Purchase the backup service from Linode ($2/mo.). Stop NodeBB. Trigger a backup. Await its completion. As long as the forum is going to be down anyway, this is a good opportunity to update the OS*. Upgrade NodeBB. Restart it. Do a cursory sanity check. After about a week, drop the backup service.

                              * It's Ubuntu. If I had it to do over again, I would use straight Debian, which is stabler and needs less-frequent updates.

                              Approval-ordered Llull (letter grades) [10], Score // Llull [9], Score, STAR, Approval, other rated Condorcet [8]; equal-ranked Condorcet [4]; strictly-ranked Condorcet [3]; everything else [0].

                              1 Reply Last reply Reply Quote 0
                              • rob
                                rob Banned last edited by

                                Yes, especially if you are ready to move if they offer a suggestion.

                                I posted a test here:
                                https://community.nodebb.org/topic/16088/codepen-plugin-test

                                I wish it auto-ran, but that's better than nothing.

                                J 1 Reply Last reply Reply Quote 0
                                • J
                                  Jack Waugh @rob last edited by

                                  @rob I put the query on the support forum. https://community.nodebb.org/post/85573

                                  Approval-ordered Llull (letter grades) [10], Score // Llull [9], Score, STAR, Approval, other rated Condorcet [8]; equal-ranked Condorcet [4]; strictly-ranked Condorcet [3]; everything else [0].

                                  1 Reply Last reply Reply Quote 0
                                  • J
                                    Jack Waugh @rob last edited by

                                    @rob said in Codepens:

                                    So it is installed? Do I just do this?

                                    Yes, you do.

                                    Approval-ordered Llull (letter grades) [10], Score // Llull [9], Score, STAR, Approval, other rated Condorcet [8]; equal-ranked Condorcet [4]; strictly-ranked Condorcet [3]; everything else [0].

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post