Can I embed a FeedWind widget in an email?
Contents
No – You cannot include FeedWind (which is JavaScript-based) in an email
Security issue: JavaScript and Cross-site Scripting
FeedWind widgets are coded in JavaScript (.js) and for security reasons, .js cannot be included in an email. This is a security issue known as “cross-site scripting.” Although adding a .js snippet to your emails might seem a useful thing to be able to do – particularly when for software such as FeedWind – JavaScript allows a programmer considerable scope when it comes to executing program code which could potentially be malicious. You can be sure however, that FeedWind would never create or publish code that would harm our users, or their users!
In general however, including .js in an email could be a big risk for recipients because a JavaScript program could contain or trigger a virus, malware or other unwanted code and there is no way at present for an email program to figure out whether a specific snippet of .js is good or bad. Even though an email client could be forced to ignore this, it would be a bad decision to do so.
Where the problem lies
When an email downloads to your computer, the email client (Outlook/Gmail, Yahoo mail etc.) would have to execute the .js to know what the code actually does. This is not a feasible situation as to determine whether malware/malicious code is present, the code would have to be run independently of your operating system and scanned to ensure a virus or malware is activated.
It would be like “closing the stable door after the horse has bolted” By the time the issue is detected, the harm could already be done as code can auto-execute when an email is opened. This is not like detecting spam in an email; this is preventing a program from executing upon mail-open. JavaScript is not the only coding method that presents this problem and many scripting languages are prohibited from embedding in an email.
If you want to share a FeedWind widget using email there is a way.
When you “Save & Get code” in FeedWind, the code snippet contains a URL for your widget. The whole code snippet will look something like this:
<iframe src=”https://feed.mikle.com/widget/v2/33777/”></iframe>
Within is a URL you can use in an email to share your widgets with your email recipients
e.g https://feed.mikle.com/widget/v2/33777/