I’ve got a site that provides blog-friendly widgets via JavaScript. These work fine in most circumstances, including self-hosted WordPress blogs. With blogs hosted at WordPress.com, however, JavaScript isn’t allowed in sidebar text modules. Has anyone seen a workaround for this limitation?
How do you add a JavaScript widget to a WordPress.com hosted blog?
you could always petition wp to add your widget to their ‘approved’ list, but who knows how long that would take. you’re talking about a way to circumvent the rules they have in place about posting arbitrary script. myspace javascript exploits in particular have increased awareness of the possibility of such workarounds, so you might have a tough time getting around the restrictions – however, here’s a classic ones to try:
put the javascript in a weird place, like anywhere that executes a URL. for instance:
sometimes the word ‘javascript’ gets cut out, but occasionally you can sneak it through as javanscript, or something similar.
sometimes quotes get stripped out – try String.fromCharCode(34) to get around that. Also, in general, using eval(“codepart1” + “codepart2”) to get around restricted words or characters.
sneaking in javascript is a tricky business, mostly utilizing unorthodox (possibly un-documented) browser behavior in order to execute arbitrary javascript on a page. Welcome to hacking.
From the official WordPress.com FAQ:
It goes on to remind the reader that both MySpace and LiveJournal had been affected by malicious Javascript and, therefore, will not be permitted (as it may be exploited by users with poor intentions). They can’t risk it with amazingly large sites (think I Can Has Cheezburger, Anderson Cooper 360, Fox, etc.).
If you think you have Javascript that would benefit WordPress.com you can contact them directly.
There is not work around for it. WordPress does not currently support Javascript. Sorry.
Just find a good site about XSS if You really need that js to work. But if it works for You it works for anybody, and You post a tutorian on how to do an XSS attack on Your page with posts or comments.
reference:
http://ha.ckers.org/xss.html