AlertWire plug-in to easily insert script tag for AlertWire client sites.
Screenshots
The plug-in settings screen, where you enter the data-token
and select into what pages the script is injected.
The script that is injected at the bottom of the page.
FAQ
Will this slow down my pages?
-
The javascript plug-in is very small, is loaded from a global CDN (content delivery network) and is publically cacheable for years. Once a
end-user has visited your site it will be in their cache.
-
The javascript snippet does a very fast JSON call that is publically cachable for 5 minutes (default), so even if your site is very heavily loaded it will be
available long before any images are finished loading.
-
The CSS file is only loaded if there are alerts to be rendered (not normally the case) and is also served from a CDN as a public long-cacheable file.
This CSS file is under 2K and will only be downloaded one per end-user.
-
The font file for the alert icons is downloaded only if there are alerts to be rendered and is also served from a CDN as a public long-cacheable file.
This font file is under 10K and will only be downloaded once per end-user.
-
The actual script execution is very fast and will not block on any downloads.
Will this break my pages?
-
All alerts are injected into the page in a div
tag and the CSS generated is scoped via a nonce-based id. It should never interact with any styling on your page
but you might need to provide a placement anchor-element to ensure your site CSS doesn’t hide the alert. The script snippet allows you to specify a container div
to act as the parent for the injected alerts in case you need to adjust them around header or navigation elements.
-
The alerts are deleted from the page DOM when closed so nothing remains on screen if the end-user closes the alert. The lightbox-style alert acts as a complete
page take-over and thus might have z-index issues, by default the alerts will be z-index of at least 10000.
-
If the javascript snippet has an error, nothing will be displayed so nothing will need to be hidden.
What about updates?
Since the AlertWire javascript client-side plug-in is long-cached, it has built-in ability to update itself to a new version. This is triggered by a
version-requirement declared in the JSON response and is completely automatic.
How much does this cost?
The plug-in is free and use is included in the cost of an AlertWire system. For more information about AlertWire.
What if I stop using AlertWire?
Since the script does essentially nothing if there are no alerts configured for the site, your script will just silently keep working and display nothing.
Is this secure?
- Yes, everything is only loaded over HTTPS with OSCP stapling, Strict Transport Security (HSTS) required and preloaded in all browsers.
- No admin defined assets other than pure text are ever served to the end-user’s browser.
- No CSS, JS, HTML or image assets are available for hacking/injecting.
- All AlertWire-supplied content is served via the CloudFlare CDN with
Qualsys SSL Labs A+ SSL rating.
- The administration application is fully tested against the OWASP best-practice criteria.
ChangeLog
1.2.2
Resaved all files in UTF8 without BOM so we don’t bust headers
1.2.1
Removed unneeded markup in setting page.
1.2
Change default endpoint to https and note version compatibility to 4.7 and update notes.
1.1.1
Bump revision in the plug-in itself.
1.1
Cleanup now that we’re in the WordPress plug-in repo.
1.0