my existing widget won't work in widgetbox - disallowed tags?

i noticed that in the code i posted in the first post here, the entire OBJECT tag was removed. that's why i changed it to an iframe.

laz,

It'd be much easier if you just pointed me to a widget that you were working on to avoid any removed code form the forums. From the code above, your 'if IE' tag is just a comment, not an actual if statement.

Please post a link to the HTML/JS version, as this is what you'd need to do using Javascript to control the If and write out the appropriate code.

hi dave,

actually that is the typical non-standard IE conditional comment, which is meant to look like a comment to all browsers except ie. it works fine in a typical html document, including everywhere this widget has been included using our basic copy/paste form.

at any rate, the widget currently gets included in html pages by pasting the set of code i tried to put in that post. here is a link to that code as an html file:

http://www.monitorbankrates.com/widge...

that file consists of html (not a fully formed html document), some inline css, and the ie conditional comments.

just fyi, this widget is a wrapper around some php code that pulls the information from a database. if you have any suggestions about how to do that better for widgetbox, i'm all ears.

thanks much.

Well, sure enough, you're right. Haven't used Conditional commenting for IE in a long time!

Anyhow, I ran a test on the site and it looks as though this runs in a widget just fine. All we do is draw out an iframe to your content, so we don't strip any tags. You can view source on the frame to see this when viewing a widget.

I tried to make a remote widget from the page link above, but your server looks to be throwing a 503 when passed the QS that we pass to all iframed content:
http://www.monitorbankrates.com/widge...

dave,

hmmm, i am unclear on exactly what you said works "just fine". i still cannot create a widget that displays the content. am i missing something?

For example, I've put some condition comments in the below widget for IE. We don't strip any tags or comments.

http://www.widgetbox.com/widget/d1397...

As I mentioned, I can't check your page since it blows up as soon as it's in a widget...

forgot to include the underlying code, although you can always view source on the frame:


All browsers see this.
<!--[if IE]><p>You are using Internet Explorer.</p><![endif]-->

<!--[if !IE]>-->You're not using IE at all...<!--<![endif]-->


i gather from your previous comment ("widget blows up"), that it will not work as a widget. forget about the removed tags from my original question, i replaced the object tag with an iframe tag.

the issue is i cannot see my widget content when i try to create a widget on widgetbox, regardless of what type of widget i try to create. the server error you are seeing does not occur any other time i use this widget, including as a google gadget. i assumed that meant it was a problem with something widgetbox is doing. but it sounds like you don't consider it a problem. shall i just forget about putting this widget up on widgetbox?

Hey laz,

This isn't all that uncommon for the widget to blow up (500 error) if either

1. Your PHP page doesn't know how to handle all of the extra query string information passed along within a widget

2. Your server has issues with our headers.

Either are repairable, but they're both things that you'd need to fix. Since you're embedding an iframe and getting the same result, I'd suggest looking into the latter. Do you happen to use Dreamhost?

actually i do indeed use dreamhost. are you aware of a problem with their servers (not) handling the http request headers you are sending?

i doubt it is #1, since my php page doesn't know or care about your querystring variables. it doesn't have to handle them at all. :-)

i really appreciate you trying to help me out with this.

thanks much!

Hey laz,

So sorry for the delay on this. We have seen problems before with Dreamhost not liking our headers. The users that found the issues were able to resolve them by dealing with Dreamhost, so all I ever got was the 'thanks Dreamhost fixed it for me' response.

Maybe try shooting it over to them to see if they can identify what needs to happen. I'd love to know some info if you do get it fixed to better support Dreamhost users in the future.

i'm happy to do that. is there any chance you could show me the http headers that are getting sent as part of the request?

I'm going to pull them now using TamperData. Back in a jif.

I did some testing and it looks like the referrer is what it chokes on.


Host=www.monitorbankrates.com
User-Agent=Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-us,en;q=0.5
Accept-Encoding=gzip,deflate
Accept-Charset=ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive=300
Connection=keep-alive
Referer=http://www.monitorbankrates.com/widget/mortgage-rates-widget.html?widget.appId=08fe3b80-3f4c-4f3f-a77a-35b9bc5490b0&widget.regId=c267f8c2-9282-4d97-91fe-43124247706a&widget.friendlyId=&widget.name=My%20Widget&widget.token=faf76377b89ac07125a8c3728fa8a9b9e7d41d790000012329f71250&widget.id=0&widget.location=http%3A%2F%2Fwww.widgetbox.com%2Fstudio%2Fedit.jsp%3Fnew%3Dtrue%26id%3Dc267f8c2-9282-4d97-91fe-43124247706a&widget.timestamp=1250539541307&widget.serviceLevel=0&widget.provServiceLevel=1&widget.width=160&widget.height=250&widget.wrapper=JAVASCRIPT&widget.isAdFriendly=true&widget.isAdEnabled=false&widget.adChannels=&widget.adPlacement=



dave - i really appreciate you taking the time to do that. i have a ticket filed with dreamhost to see what they say.

but damn, i'd choke on that referrer too!!!! is it just too long? how can you tell that is where it's choking? does the referrer header need to have that entire querystring?

thanks again man, i'll let you know what dreamhost says.

It's not too long for anyone to handle, as plenty of sites still work OK with it. The deal is that the page pointed to in the referrer is where some of the magic of widgets happens. We pass down a lot of data to the page to do what it will with it (ID's, size, config param values, etc.) on the query string.

What I did to get those headers is this:

1. Loaded up the page you put together as a remote widget in Widgetbox.
2. Right-clicked (I'm in Firefox) in the frame where the error was and selected to 'show only this frame'.
3. Reloaded that frame with TamperData running (a tool for viewing headers, requests, etc.)

Once I captured the error, I used TamperData again to actually tamper with the request. This allows me to change any value(s) in the headers. I dropped down the length of the referrer and it worked like a charm.

Again, not a problem, laz. Thanks for working through it instead of giving up.

dave,

just fyi, it seems that dreamhost has a pattern set up in apache's mod_security module that, apparently, is seeing something in your referer header as a potential exploit/attack. here is the log line, if it helps:


[Tue Aug 18 16:38:55 2009] [error] [client 99.187.74.118] mod_security:
Access denied with code 503. Pattern match
"(go\\\\.to|get\\\\.to|drop\\\\.to|hey\\\\.to|switch\\\\.to|dive\\\\.to|move\\\\.to|again\\\\.at)"
at HEADER("REFERER") [severity "EMERGENCY"] [hostname
"www.monitorbankrates.com"] [uri "/widget/mortgage-rates.php"] [unique_id
"BZQr2kPNCagAAGGGTrEAAAAK"]


as i am very hesitant to turn off mod_security for our site, the main guy (i'm just his developer) has said to forget about it for now. unfortunate after all we've both put into trying to get it to work.

i really appreciate all your help and effort on this. sorry the widget won't be at widgetbox, at least for now.

regards,

-laz

Hey Laz,

Thanks for the info and sorry you had to abort. We'll see if we can get with Dreamhost about this from our end to look for a resolution.