by victorstanciu 1536 days ago
"Functionality aside embedding random scripts from twitter seems like a big risk for security and privacy."

When I started blogging again, I wanted to render my Twitter feed on the homepage, as a sort of bitesize alternative to the regular content, but I too have a deep aversion to allowing external scripts on my websites. So I added some code to my Hugo theme that pulls the tweets from my profile via the Twitter API and renders them statically.

3 comments

This is still "vulnerable", in a way (though not the same kind of vulnerability as embedding third-party scripts): if Twitter disappears—or just stops returning your tweets for some other reason (e.g. they shut down their API or your account)—then you lose access to your content. It can be mitigated by making sure your SSG output is also in version control—not just the input. (While you're at it, it's a good idea to make sure your SSG is version controlled, too. That doesn't have to be a whole copy of the SSG source and/or binary in your repo; it can be e.g. its version string.)

That of course still leaves open the matter of whether/how you're making sure to trigger a new build for every new tweet.

For me, all I cared about was not loading their script. I'm not at all attached to my tweets, so I'm not really willing to put any effort into preserving them for posterity.

> That of course still leaves open the matter of whether/how you're making sure to trigger a new build for every new tweet.

Cron every five minutes.

Back when I was applying for my first career position, one of the companies asked for a demo project, with one of the options being something that could poke at the Twitter API.

It was pretty darn simple to get the text of a tweet, and just apply some styles to it. If one was motivated, making something to replace Twitter's version of embedding would not be very difficult.

Hey Victor, would you mind sharing that piece of code?
Hey, sure, I set up a repo just now. Lemme know if it works for you or not: https://github.com/victorstanciu/hugo-tweets
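
An added example, not part of the thread and not taken from the hugo-tweets repo: a build-time renderer in Go that turns fetched tweets into static HTML with no third-party script, escapes the tweet text, and keeps the previous build's output when the API response is unusable (the availability concern raised in the first reply). The `Tweet` field names, the `RenderTweets` function and the sample response are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"html/template"
	"strings"
)

// Tweet holds only the fields this sketch renders.
// The JSON field names are assumptions, not a documented API schema.
type Tweet struct {
	ID   string `json:"id"`
	Text string `json:"text"`
}

// html/template escapes values for the context they land in, so markup
// inside a tweet is emitted as inert text rather than as HTML.
var tweetTmpl = template.Must(template.New("tweets").Parse(
	`<ul class="tweets">{{range .}}<li id="t-{{.ID}}">{{.Text}}</li>{{end}}</ul>`))

// RenderTweets converts a fetched response body into static HTML at build
// time. When the body cannot be parsed or contains no tweets, it returns
// lastGood (the fragment from the previous build) and false, so a failed
// fetch never replaces published content with an empty block.
func RenderTweets(apiBody []byte, lastGood string) (string, bool) {
	var tweets []Tweet
	if err := json.Unmarshal(apiBody, &tweets); err != nil || len(tweets) == 0 {
		return lastGood, false
	}
	var sb strings.Builder
	if err := tweetTmpl.Execute(&sb, tweets); err != nil {
		return lastGood, false
	}
	return sb.String(), true
}

func main() {
	// Constructed sample response, not real API output.
	body := []byte(`[{"id":"1","text":"<script>alert(1)</script> & hello"}]`)
	out, fresh := RenderTweets(body, "")
	fmt.Println(fresh, out)

	// Simulated outage: the cached fragment from the last build is kept.
	out, fresh = RenderTweets([]byte("service unavailable"), "<ul>cached</ul>")
	fmt.Println(fresh, out)
}
```
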