Docs for Diblas "Core" Plugins Require Browser Plugins?

cjaccino · January 29, 2020, 9:04pm

A number of plugins provided through the Grav admin plugin link to diblas.net. The documentation is hosted by this domain, which sends the user’s browser through a gauntlet of pages requiring the user to add browser plugins. For any security conscious user, these popups, misdirections, and requests for software installation are alarming, raising questions about the legitimacy of the plugin provider. Way outside the norm of most websites.

An example URL: http://diblas.net/plugins/add-extra-markdown-files-to-any-page

Do we know that this provider is safe? Do we value the availability of plugins over the security of users? Is there something that can be done, or should concerned uses simply ignore the diblas plugins?

Thanks

OleVik · January 29, 2020, 10:13pm

The plugins are, but the domain was not renewed and was probably automatically bought up and used for landing pages, then auto-hosting ads, and subsequently wound up in the ad-loops.

The code for the plugins are on GitHub, and have been used without issue, the problem is that the author hosted demos on a domain which he let go of control over. I submitted an issue to the Core-repository, asking for a protocol to be established to handle these cases.

cjaccino · February 4, 2020, 4:00am

Makes sense. Thanks OleVik

Topic		Replies	Views
Plugin Integration with the admin plugin Plugins	0	601	January 21, 2018
Grav Core Package with Admin already installed anyone? Archive	4	283	August 28, 2015
Is editing Admin plugin permited? First files to change? Archive	1	317	January 23, 2017
New Plugin: Admin Frontmatter Yaml	5	1074	December 20, 2019
Web without cookies	4	1414	February 28, 2022

Docs for Diblas "Core" Plugins Require Browser Plugins?

Related Topics