Closed hmsjy2017 closed 1 month ago
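A new comment system has been added to the plan.
As for whether to remove the old comment systems: Valine, for example, still has quite a few users. Would it be more appropriate to inform users of the risks and then leave the final decision entirely to them?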
I suggest adding a risk notice and not removing them for now.
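Steps to add the utterances comment system:
- In the /layout/_plugins/comments directory, create a new folder named utterances and, following the structure of the other comment systems there, create the files main.ejs and source.ejs. source.ejs is not used and can simply be left empty. Add the following code to main.ejs: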
```html
<% if (theme.comments.use === 'utterances') { %>
<div id="utterances-container" sid="<%= page.path %>"></div>
<script type="text/javascript">
  // Values rendered from the theme's _config.yml at build time
  var repo = "<%= theme.comments.utterances.repo%>";
  var issueTerm = "<%= theme.comments.utterances.issueTerm%>";
  var theme = "<%= theme.comments.utterances.theme%>";
  var label = "<%= theme.comments.utterances.label%>";
  (function () {
    // Build the utterances <script> tag and attach it to the container
    var container = document.getElementById("utterances-container");
    var script = document.createElement("script");
    script.src = "https://utteranc.es/client.js";
    script.setAttribute("repo", repo);
    script.setAttribute("issue-term", issueTerm);
    script.setAttribute("theme", theme);
    script.setAttribute("label", label);
    // The DOM property is camelCase; a lowercase `crossorigin` property is ignored
    script.crossOrigin = "anonymous";
    script.async = true;
    container.appendChild(script);
  })();
</script>
<% } %>
```
- In placeholders.ejs, add the following code before the `<% } else { %>` condition:

```html
<%- partial('./utterances/main') %>
```
- Add the utterances options to _config.yml, and remember to adjust the values:

```yaml
comments:
  use: utterances # utterances | disqus | disqusjs | valine | minivaline | gitalk | gitment | levere | changyan | wildfire
  # utterances
  # Docs: https://utteranc.es/
  # Tips: Make sure you have installed [utterances app](https://github.com/apps/utterances) in your repo
  utterances:
    enable: true
    repo: # Repository
    issueTerm: title # Blog post ↔️ issue mapping: pathname | url | title | og:title
    theme: github-light # Theme: github-light | github-dark | github-dark-orange | icy-dark | dark-blue | photon-dark
    label: # Issue label
```
The process is basically correct. If it is convenient, could you open a PR? I will merge it.
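In addition, the following comment systems have known security risks:
- Valine (closed source since v1.4.0, read-count tampering, XSS, privacy leakage, spam comments)
- Gitalk (`client secret` exposed)
- Gitment (`client secret` exposed)

Also, Valine.js carries a risk of privacy leakage; for details see issue #336 and "基于 Serverless 的 Valine 可能并没有那么香" (Serverless-based Valine may not be as great as it seems). On top of that, it is no longer open source after 1.4.0:

Image from: https://www.haoyizebo.com/posts/fa15a0b0/

According to https://github.com/gitalk/gitalk/issues/285, "Is it safe to make my client secret public?" and "建议大家弃用 Gitalk 和 Gitment 等权限过高的 Github OAuth App" (a recommendation to stop using over-privileged GitHub OAuth Apps such as Gitalk and Gitment), Gitalk and Gitment request excessive permissions and also expose the `client secret`, so use them with caution.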
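
An added example, not code from this thread or from the theme: a Node.js check over generated HTML that flags pages whose inline scripts carry an OAuth client secret, the exposure described above for Gitalk and Gitment. The key names `clientSecret` and `client_secret` are assumed from those libraries' init options; the sample pages and all values are constructed.

```javascript
// Added example (not the theme's code): find OAuth client secrets in generated HTML.
// Key names follow the Gitalk (clientSecret) and Gitment (client_secret) init
// options; every page and value below is constructed sample data.
const INLINE_SCRIPT = /<script\b(?![^>]*\bsrc=)[^>]*>([\s\S]*?)<\/script>/gi;
const SECRET_KEY = /["']?(clientSecret|client_secret)["']?\s*[:=]\s*(["'])([^"']*)\2/g;

function findExposedSecrets(html) {
  const findings = [];
  for (const script of html.matchAll(INLINE_SCRIPT)) {
    for (const m of script[1].matchAll(SECRET_KEY)) {
      const value = m[3];
      if (value === "") continue; // unset option, nothing is leaked
      // Keep only a short prefix so the report itself does not repeat the secret.
      const redacted = value.slice(0, 4) + "*".repeat(Math.max(value.length - 4, 0));
      findings.push({ key: m[1], redacted });
    }
  }
  return findings;
}

const samplePages = {
  "gitalk.html": `<div id="gitalk-container"></div>
<script>
  new Gitalk({ clientID: 'EXAMPLE_CLIENT_ID', clientSecret: 'EXAMPLE_SECRET_0123456789',
               repo: 'blog-comments', owner: 'example', admin: ['example'] })
    .render('gitalk-container');
</script>`,
  "gitment.html": `<script>
  new Gitment({ owner: 'example', repo: 'blog-comments',
                oauth: { client_id: 'EXAMPLE_CLIENT_ID', client_secret: 'EXAMPLE_SECRET_abcdef' } })
    .render('gitment-container');
</script>`,
  "utterances.html": `<div id="utterances-container"></div>
<script src="https://utteranc.es/client.js" repo="example/blog-comments"
        issue-term="title" theme="github-light" crossorigin="anonymous" async></script>`,
};

// Returns { path: [findings] } for every page that ships a secret to the browser.
function scanSite(pages) {
  const report = {};
  for (const [path, html] of Object.entries(pages)) {
    const hits = findExposedSecrets(html);
    if (hits.length > 0) report[path] = hits;
  }
  return report;
}

console.log(JSON.stringify(scanSite(samplePages), null, 2));
```

Run against a theme's build output, a non-empty report means the secret is readable by every visitor and should be rotated after the comment system is changed.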