Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
204 lines (128 sloc) 7.24 KB

WordPress

wordpress-webmention is a plugin for the popular CMS wordPress

Implementation Home Page URLs: https://wordpress.org/plugins/webmention/ https://wordpress.org/plugins/semantic-linkbacks/

Source Code repo URL(s): https://github.com/pfefferle/wordpress-webmention/ https://github.com/acegiak/Semantic-Linkbacks https://github.com/pfefferle/wordpress-semantic-linkbacks

  • 100% open source implementation

Programming Language(s): PHP

Developer(s):

Implementation Classes: Sender and Receiver

Sending

Discovery Tests (3.1.1)

MUST

Sending Tests (3.1.2)

MUST

  • Accepts HTTP 200 response as a success
  • Accepts HTTP 201 response as a success
  • Accepts HTTP 202 response as a success

Update Tests (3.1.3)

SHOULD

Implementation Notes

Doesn't pass update test #2 yet because it doesn't send webmentions to removed links. Tracked in issue #76.

Delete Tests (3.1.4)

SHOULD

Implementation Notes

WordPress returns HTTP 404 for deleted posts, not 410.

Security Considerations (4)

  • The sender avoids sending a Webmention to a loopback address (SHOULD)

Deliberate design choice to support loopback addresses to enable local development and testing.

Extensions

This implementation has also implemented the following extensions.

Receiving

Indicate which type of response the receiver provides:

  • HTTP 200 - Receiver synchronously processes the Webmention request (not recommended)
  • HTTP 201 - Receiver creates a status URL the sender can use to check the status of the Webmention
  • HTTP 202 - Receiver processes the Webmention asynchronously

Describe the response body (if any) which is returned in the request:

Plain text permalink URL of the newly created comment on the target page.

Request Verification (3.2.1)

  • Verifies source and target are valid URLs, rejecting with HTTP 400 (MUST)
  • Verifies that target is a valid resource for which the receiver accepts Webmentions, rejecting with HTTP 400 (SHOULD)
  • Ignores fragment when checking if target is supported (SHOULD)

Webmention Verification (3.2.2)

  • Verification is processed asynchronously (SHOULD)
  • Follows at least one HTTP redirect on source URL (MUST)
  • Respects a self-imposed limit on number of HTTP redirects to follow (MUST)

Limits to 5 redirects. Returns 400 if that limit is exceeded.

Source URL content-types supported

Please list the content types that your implementation supports when checking if the source document links to the target URL.

  • HTML
  • Other: text/*, application/json, etc.

HTML Verification (3.2.2)

The tests below apply when the source document is HTML.

  • Accepts a Webmention where the target URL is in an <a> tag
  • Accepts a Webmention where the target URL is in an <img> tag
  • Accepts a Webmention where the target URL is in an <video> tag
  • Accepts a Webmention where the target URL is in an <audio> tag
  • Rejects a Webmention where the target URL is in the document as text
  • Rejects a Webmention where the target URL is in an <a> tag inside an HTML comment
  • Rejects a Webmention where the target URL is not in the document

Webmention Display/Use

  • The receiver displays data from the source URL on the target post (MAY)

  • The receiver recognizes that the source URL is a "comment" or "reply" to the post

  • using HTML classes: u-reply, u-in-reply-to, u-reply-of

  • The receiver recognizes that the source URL is a "like" of the post

  • using HTML class: u-like, u-like-of

  • The receiver recognizes that the source URL is a "repost" of the post

  • using HTML class: u-repost, u-repost-of

  • The receiver recognizes that the source URL is an "RSVP" to the post

  • using HTML class: p-rsvp

  • The receiver recognizes additional response types, using class:

  • Response: favorite using HTML class: u-favorite, u-favorite-of

  • Response: bookmark using HTML class: u-bookmark, u-bookmark-of

  • Response: tag using HTML class: u-tag-of

Please describe any other ways the Webmention is displayed or used if applicable.

Update Tests (3.2.4)

  • Does not display an update Webmention as a new response (SHOULD)
  • Removes the response when an update Webmention is sent and the source URL returns 200 and no link is found (SHOULD)
  • Updates and stores the information from the primary object at the source URL (MUST)
  • Updates and stores the information from children or descendant objects at the source URL (MAY)

Delete Tests (3.2.4)

  • Recognizes an HTTP 410 response as a delete, and removes the response (SHOULD)

Security Considerations (4)

  • Webmentions are moderated before being displayed (MAY)
  • Webmentions are periodically re-verified (MAY)
  • The receiver ensures any displayed data it properly encoded/filtered to prevent XSS attacks (MUST)
  • Respects a self-imposed limit on the time spent fetching the source URL (SHOULD)
  • Respects a self-imposed limit on the number of bytes fetched from the source URL (SHOULD)
  • The receiver accepts additional parameters or headers, and so has CSRF protection (SHOULD)

Extensions

This implementation has also implemented the following extensions.