Hacker News new | ask | show | jobs
by olejorgenb 969 days ago
The one they shared is backed by gist which is much better if you want to understand the code.

The gist also allow people to comment on the bookmarklet.

Of course - now they have a way of injecting arbitrary javascript code into the browser of the people using the service to bookmark the bookmarklet. Lack of trust sucks.

And (due to lack of trust) most applications make it hard to share javscripts links - so you need to instead instruct people to create a new bookmark and past the content into instead of right-clicking a link and clicking "bookmark".
2 comments
ashtonmeuser 969 days ago
Hi! Agreed re: advantages of gist/git backing. Comments and gist history via GitHub add a lot of value for free. The tool also allows bookmarklet creators to write in modern, un-obfuscated JS as there are transpilation, minification, and IIFE wrapping applied to the bookmarklet.

The security risk angle is also a concern I share. If you take a look at the disclaimer at the bottom of my project README [1], you'll see this exact issue mentioned. Versioning gists and thus bookmarklets is discussed in the same document [2]. This locks bookmarklet source to a specific commit of the git repo underlying a gist.

[1] https://github.com/ashtonmeuser/bookmarklet-platform?tab=rea...

[2] https://github.com/ashtonmeuser/bookmarklet-platform?tab=rea...

link
ashtonmeuser 969 days ago
Final nitpick.

> And (due to lack of trust) most applications make it hard to share javscripts links - so you need to instead instruct people to create a new bookmark and past [sic] the content into instead of right-clicking a link and clicking "bookmark".

This is mostly true for mobile browsers. For desktop, simply dragging the button to the bookmarks bar ought to do the trick. Please feel free to open an issue if you've found this not to be the case!

link
olejorgenb 968 days ago
Ah, I see how that paragraph could be misunderstood. I actually meant it as an advantage of the service. Sharing a link to bookmarkl.ink is trivial in any system since it's just a regular link. Where as if you want to share a bookmarklet (as a use-friendly-link) directly in chat system like Slack (or in a github comment) you can't since these most likely refuse to display javascript: links
link