Support more comment systems #109

Closed
hmsjy2017 opened this issue Jan 26, 2022 · 5 comments
Labels
enhancement New feature or request

hmsjy2017 commented Jan 26, 2022

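  • utterances and its derivatives:
    • utterances
    • giscus: a comment system powered by GitHub Discussions.
    • beaudar: a lightweight comment plugin based on GitHub issues, the Chinese version of Utterances
  • Waline: security-focused and feature-rich

In addition, the following comment systems have known security risks:

  • Valine (closed source since v1.4.0, read-count tampering, XSS, privacy leakage, spam comments)
  • Gitalk (excessive permissions, client secret exposed)
  • Gitment (excessive permissions, client secret exposed)
  • Vssue (excessive permissions)

Also, Valine.js carries a privacy leakage risk; see issue #336 and "Serverless-based Valine may not be all that great".
On top of that, it has no longer been open source since 1.4.0:

For certain reasons, updates to the src directory will be suspended after v1.4.0.


According to gitalk/gitalk#95:

Gitalk and Vssue can read and write all of the authorizing user's public repositories, which means that anyone who obtains your authorization token can empty out your GitHub public repositories.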

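Image from: https://www.haoyizebo.com/posts/fa15a0b0/


Based on gitalk/gitalk#285 "Is it safe to make my client secret public?", it is recommended that everyone stop using GitHub OAuth Apps with excessive permissions such as Gitalk and Gitment. Gitalk and Gitment have excessive permissions and also expose the client secret, so use them with caution.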
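
The permission concern raised in the comment above can be checked from the scopes a login link requests or a token reports. This is an added example, not part of the thread or of any project named in it; the function names are hypothetical, and the sample link and header value are constructed.

```javascript
// Added example: classify the scopes a GitHub OAuth App asks for or holds.
// GitHub OAuth scopes that let the token holder write to repositories.
const REPO_WRITE_SCOPES = new Set(["repo", "public_repo", "delete_repo"]);

// Split a scope string. The authorize URL separates scopes with spaces,
// the X-OAuth-Scopes response header separates them with ", ".
function parseScopes(raw) {
  return (raw || "").split(/[\s,]+/).filter(Boolean);
}

// Scopes requested by an authorization link, such as the one behind a
// comment widget's login button.
function scopesFromAuthorizeUrl(href) {
  const url = new URL(href);
  if (url.hostname !== "github.com" || url.pathname !== "/login/oauth/authorize") {
    throw new Error("not a GitHub OAuth authorize URL");
  }
  return parseScopes(url.searchParams.get("scope"));
}

// Report which of the given scopes grant repository write access.
function auditScopes(scopes) {
  const risky = scopes.filter((s) => REPO_WRITE_SCOPES.has(s));
  return { scopes, risky, repoWrite: risky.length > 0 };
}

// Constructed samples (placeholder client_id and redirect_uri).
const sampleLoginLink =
  "https://github.com/login/oauth/authorize?client_id=CLIENT_ID_PLACEHOLDER" +
  "&redirect_uri=https%3A%2F%2Fblog.example%2Fpost%2F&scope=public_repo";
const sampleHeader = "public_repo, read:user"; // a constructed X-OAuth-Scopes value

console.log(auditScopes(scopesFromAuthorizeUrl(sampleLoginLink)));
console.log(auditScopes(parseScopes(sampleHeader)));
console.log(auditScopes(parseScopes(""))); // no scope: read-only access to public data
```
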

@ChrAlpha ChrAlpha added the enhancement New feature or request label Jan 28, 2022
@ChrAlpha
Owner

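New comment systems have been added to the roadmap.

As for whether to remove the old comment systems: Valine, for example, still has many users. Would it be more appropriate to inform users of the risks and then leave the final decision entirely to them?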

@hmsjy2017
Author

I suggest adding a risk warning and not removing them for now.

@brycezhang
Contributor

brycezhang commented Aug 17, 2023

Steps to add the utterances comment system:

  1. In the /layout/_plugins/comments directory, create a new folder named utterances, and create the files main.ejs and source.ejs following the structure of the other folders; source.ejs is not used, so just leave it empty. Add this code to main.ejs:

    <% if (theme.comments.use === 'utterances') { %>
    <div id="utterances-container" sid="<%= page.path %>"></div>
    <script type="text/javascript">
      // Values rendered from the theme's _config.yml at build time
      var repo = "<%= theme.comments.utterances.repo %>";
      var issueTerm = "<%= theme.comments.utterances.issueTerm %>";
      var theme = "<%= theme.comments.utterances.theme %>";
      var label = "<%= theme.comments.utterances.label %>";
      (function () {
        var container = document.getElementById("utterances-container");
        // Build the utterances client <script> tag and configure it through attributes
        var script = document.createElement("script");
        script.src = "https://utteranc.es/client.js";
        script.setAttribute("repo", repo);
        script.setAttribute("issue-term", issueTerm);
        script.setAttribute("theme", theme);
        script.setAttribute("label", label);
        // Set crossorigin as an attribute; the DOM property is spelled crossOrigin,
        // so assigning script.crossorigin has no effect
        script.setAttribute("crossorigin", "anonymous");
        script.async = true;

        container.appendChild(script);
      })();
    </script>
    <% } %>

  2. In placeholders.ejs, add this code before the <% } else { %> condition:

    <%- partial('./utterances/main') %>

  3. Add the utterances configuration options to _config.yml, and remember to modify the configuration:

    comments:
      use: utterances # utterances | disqus | disqusjs | valine | minivaline | gitalk | gitment | levere | changyan | wildfire

      # utterances
      # Docs: https://utteranc.es/
      # Tips: Make sure you have installed [utterances app](https://github.com/apps/utterances) in your repo
      utterances:
        enable: true
        repo: # Repository
        issueTerm: title # Blog post ↔️ issue mapping: pathname | url | title | og:title
        theme: github-light # Theme: github-light | github-dark | github-dark-orange | icy-dark | dark-blue | photon-dark
        label: # Issue label
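
A build-time check for the values that the steps above copy from _config.yml into the page, followed by a static embed tag rendered from the validated values. This is an added example, not code from the thread or the theme; the helper names are hypothetical, and the allowed issueTerm and theme values are the ones listed in the config comments above (extend the lists if you use a value not named there).

```javascript
// Added example: validate utterances settings, then render a static embed tag.
// Allowed values are copied from the comments in the _config.yml shown in the post.
const ISSUE_TERMS = ["pathname", "url", "title", "og:title"];
const THEMES = ["github-light", "github-dark", "github-dark-orange",
                "icy-dark", "dark-blue", "photon-dark"];
const REPO_RE = /^[A-Za-z0-9-]+\/[A-Za-z0-9._-]+$/; // owner/name

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Hypothetical helper: returns the attribute map or throws on bad config.
function utterancesAttrs(cfg) {
  const repo = (cfg.repo || "").trim(); // "repo:" left blank in YAML parses to null
  if (!REPO_RE.test(repo)) throw new Error(`utterances.repo must be owner/name, got "${repo}"`);
  if (!ISSUE_TERMS.includes(cfg.issueTerm)) throw new Error(`unsupported issueTerm: ${cfg.issueTerm}`);
  if (!THEMES.includes(cfg.theme)) throw new Error(`unsupported theme: ${cfg.theme}`);
  const attrs = { repo, "issue-term": cfg.issueTerm, theme: cfg.theme };
  const label = (cfg.label || "").trim();
  if (label) attrs.label = label; // omit the attribute when no label is configured
  return attrs;
}

// Render the tag with every value attribute-escaped, so that no config
// value is pasted into inline JavaScript.
function renderEmbed(cfg) {
  const attrs = Object.entries(utterancesAttrs(cfg))
    .map(([k, v]) => `${k}="${escapeAttr(v)}"`).join(" ");
  return `<script src="https://utteranc.es/client.js" ${attrs} crossorigin="anonymous" async></script>`;
}

// Constructed sample configuration.
const sample = { repo: "example-user/blog-comments", issueTerm: "title",
                 theme: "github-light", label: "" };
console.log(renderEmbed(sample));
```
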

@ChrAlpha
Owner

The process is basically correct. If it is convenient, could you open a PR? I will merge it.

@brycezhang
Contributor

PR submitted: #127
