Home

Your premium source for custom modification services for phpBB
  logo

HomeForumsBlogMOD ManagerFAQSearchRegisterLogin

Comments October 27, 2009

The Dangers Of Hosted Code

Filed under: Board Management, phpBB — Dave Rathbun @ 8:26 pm CommentsComments (1) 

A few weeks back I wrote about including a new “social widget” from AddThis on one of my boards. Today I removed it. Why? Because a few weeks ago their code started screwing up. Since I was referencing their code rather than hosting my own copy, I inherited their problems.

That’s not something I am really happy about.

There are other instances of hosted code on my site. For example, there is a small bit of javascript that runs the Google Adsense content on the bottom of the page. So far I have not had any problems with that other than the occasional performance problem. But the AddThis code became a nuisance a few weeks ago, and today it flat-out broke my board, causing the “back” button on many versions of IE to stop working. That’s not acceptable. For this reason I have permanently removed this code from my board.

First Symptom

A few weeks ago the “newest post” link stopped working. Something was interjecting a stray URL in the middle of the page that caused the page URL to break. Instead of this:

www.myboard.com/viewtopic.php?p=123#123

I would end up with this:

www.myboard.com/viewtopic.php?p=123#

That doesn’t work, so the newest post logic failed. This was a nuisance, but nobody complained about it, so I was wondering if it was just me. I found out today it was doing this for other folks too and nobody complained.

Next Symptom

Today a new release of AddThis was released, and it broke the back button for IE6 and IE7. That spawned immediate feedback from my users. Some of them did a search and figured out what was going on, and with a quick edit of my files I permanently removed the AddThis code. I don’t plan to put it back.

Hosted Code

Frankly this could happen with any sort of hosted code. Even if you assume that the code provider is trustworthy, there is a risk involved. What sort of testing do you do with new code before you release it? How much feedback do you get from your users? What sort of regression testing plans do you have? Now, do you think that your hosted code goes through the same series of tests that you do on your own code? What if they add new features and don’t tell you about them? What if they introduce bugs, like AddThis did?

I have read several articles that suggest we should all use Google’s hosted code for their AJAX framework. I didn’t like that idea to begin with, and I like it even less now. You can be sure that from here on out I will be very careful about adding references to hosted code to my boards.

1 Comment

  1. Having hosted code is just another way for these people to spy on you, your site, and your site’s visitors. Every request on their server is going to have your site visitor’s IP, date/time, and referring web page (ie, one of your web pages).

    No good, IMO.

    Comment by Dog Cow — October 28, 2009 @ 10:44 am

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress