Locally hosting Twitter widget files for security?




I was just wondering if locally hosting the JS file for Twitter is possible?

Or is there a more secure way of importing your JS file?

My client site just went through a security check and it seems to be vulnerable with external JS being imported.

I’m just wondering if there is any way to secure the external source file that we are calling, just to make sure it is not modified by a hacker to inject a malicious site into the website?

Any ideas would be helpful!

Thanks!


The tweet button and follow button are available as an iframe, which you may prefer for sandboxing.

An embedded Tweet and embedded Timeline are rendered by Twitter’s hosted widgets-js. You should not host your own copy. The JavaScript file has a short expiry, with updates sometimes pushed multiple times a day. Larger changes such as our recent embedded Tweet redesign could cause an older version of an embed to fail, such as written HTML classes and the remotely loaded CSS rules against those elements mismatching.
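
The difference between a script embed and an iframe embed, as an added example that is not part of the original thread and not Twitter's code: a small audit that lists a page's cross-origin includes and how isolated each one is from the host page. The hosts `client.example` and `widgets.example`, the sample markup, and the `isolation` labels are constructed for illustration.

```javascript
// Added example: inventory the third-party embeds in a page's HTML.
// Regex-based tag scanning is a simplification; a real audit should use an HTML parser.
function attr(tag, name) {
  const re = new RegExp(
    `\\s${name}(?:\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+)))?(?=[\\s>/])`, "i");
  const m = re.exec(tag);
  if (!m) return null;                 // attribute absent
  return m[1] ?? m[2] ?? m[3] ?? "";   // "" for a bare attribute such as `sandbox`
}

function auditEmbeds(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const [tag, kind] of html.matchAll(/<(script|iframe)\b[^>]*>/gi)) {
    const src = attr(tag, "src");
    if (!src) continue;                            // inline script: nothing fetched
    const origin = new URL(src, pageUrl).origin;   // resolves relative URLs
    if (origin === pageOrigin) continue;           // first-party include
    if (kind.toLowerCase() === "script") {
      // A remote script executes inside the host page's own origin.
      findings.push({ kind: "script", origin, isolation: "none",
        note: "runs with the host page's DOM and storage access" });
    } else {
      // A cross-origin frame is separated from the host page by the same-origin policy.
      const sandbox = attr(tag, "sandbox");
      findings.push({ kind: "iframe", origin,
        isolation: sandbox === null ? "origin" : "origin+sandbox",
        note: sandbox === null
          ? "separate origin; no sandbox attribute set"
          : `separate origin; sandbox tokens: ${sandbox || "(none granted)"}` });
    }
  }
  return findings;
}

// Constructed sample page: one first-party script, one remote script, two remote frames.
const SAMPLE_HTML = `
<script src="/js/site.js"></script>
<script async src="https://widgets.example/widgets.js"></script>
<iframe src="https://widgets.example/button.html"></iframe>
<iframe src="https://widgets.example/button.html" sandbox="allow-scripts allow-popups"></iframe>`;

const findings = auditEmbeds(SAMPLE_HTML, "https://client.example/");
console.log(findings);
```

Only the remote `<script>` is reported with `isolation: "none"`, which is the kind of include a security check flags; the framed embeds keep the third-party code out of the host page's origin.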