wordpress.md

WordPress

wordpress-webmention is a plugin for the popular CMS wordPress

Implementation Home Page URLs: https://wordpress.org/plugins/webmention/ https://wordpress.org/plugins/semantic-linkbacks/

Source Code repo URL(s): https://github.com/pfefferle/wordpress-webmention/ https://github.com/acegiak/Semantic-Linkbacks https://github.com/pfefferle/wordpress-semantic-linkbacks

• 100% open source implementation

Programming Language(s): PHP

Developer(s):

• Matthias Pfefferle
• Ashton McAllan
• David Shanske
• and more...

Implementation Classes: Sender and Receiver

Sending

Discovery Tests (3.1.1)

MUST

• Discovery Test #1
• Discovery Test #2
• Discovery Test #3
• Discovery Test #4
• Discovery Test #5
• Discovery Test #6
• Discovery Test #7
• Discovery Test #8
• Discovery Test #9
• Discovery Test #10
• Discovery Test #11
• Discovery Test #12
• Discovery Test #13
• Discovery Test #14
• Discovery Test #15
• Discovery Test #16
• Discovery Test #17
• Discovery Test #18
• Discovery Test #19
• Discovery Test #20
• Discovery Test #21

Sending Tests (3.1.2)

MUST

• Accepts HTTP 200 response as a success
• Accepts HTTP 201 response as a success
• Accepts HTTP 202 response as a success

Update Tests (3.1.3)

SHOULD

• Update Test #1
• Update Test #2

Implementation Notes

Doesn't pass update test #2 yet because it doesn't send webmentions to removed links. Tracked in issue #76.

Delete Tests (3.1.4)

SHOULD

• Delete Test #1

Implementation Notes

WordPress returns HTTP 404 for deleted posts, not 410.

Security Considerations (4)

• The sender avoids sending a Webmention to a loopback address (SHOULD)

Deliberate design choice to support loopback addresses to enable local development and testing.

Extensions

This implementation has also implemented the following extensions.

• Salmention
• Vouch
• Other: _______

Receiving

Indicate which type of response the receiver provides:

• HTTP 200 - Receiver synchronously processes the Webmention request (not recommended)
• HTTP 201 - Receiver creates a status URL the sender can use to check the status of the Webmention
• HTTP 202 - Receiver processes the Webmention asynchronously

Describe the response body (if any) which is returned in the request:

Plain text permalink URL of the newly created comment on the target page.

Request Verification (3.2.1)

• Verifies source and target are valid URLs, rejecting with HTTP 400 (MUST)
• Verifies that target is a valid resource for which the receiver accepts Webmentions, rejecting with HTTP 400 (SHOULD)
• Ignores fragment when checking if target is supported (SHOULD)

Webmention Verification (3.2.2)

• Verification is processed asynchronously (SHOULD)
• Follows at least one HTTP redirect on source URL (MUST)
• Respects a self-imposed limit on number of HTTP redirects to follow (MUST)

Limits to 5 redirects. Returns 400 if that limit is exceeded.

Source URL content-types supported

Please list the content types that your implementation supports when checking if the source document links to the target URL.

• HTML
• Other: text/*, application/json, etc.

HTML Verification (3.2.2)

The tests below apply when the source document is HTML.

• Accepts a Webmention where the target URL is in an <a> tag
• Accepts a Webmention where the target URL is in an <img> tag
• Accepts a Webmention where the target URL is in an <video> tag
• Accepts a Webmention where the target URL is in an <audio> tag
• Rejects a Webmention where the target URL is in the document as text
• Rejects a Webmention where the target URL is in an <a> tag inside an HTML comment
• Rejects a Webmention where the target URL is not in the document

Webmention Display/Use

• The receiver displays data from the source URL on the target post (MAY)

• The receiver recognizes that the source URL is a "comment" or "reply" to the post

• using HTML classes: u-reply, u-in-reply-to, u-reply-of

• The receiver recognizes that the source URL is a "like" of the post

• using HTML class: u-like, u-like-of

• The receiver recognizes that the source URL is a "repost" of the post

• using HTML class: u-repost, u-repost-of

• The receiver recognizes that the source URL is an "RSVP" to the post

• using HTML class: p-rsvp

• The receiver recognizes additional response types, using class:

• Response: favorite using HTML class: u-favorite, u-favorite-of

• Response: bookmark using HTML class: u-bookmark, u-bookmark-of

• Response: tag using HTML class: u-tag-of

Please describe any other ways the Webmention is displayed or used if applicable.

Update Tests (3.2.4)

• Does not display an update Webmention as a new response (SHOULD)
• Removes the response when an update Webmention is sent and the source URL returns 200 and no link is found (SHOULD)
• Updates and stores the information from the primary object at the source URL (MUST)
• Updates and stores the information from children or descendant objects at the source URL (MAY)

Delete Tests (3.2.4)

• Recognizes an HTTP 410 response as a delete, and removes the response (SHOULD)

Security Considerations (4)

• Webmentions are moderated before being displayed (MAY)
• Webmentions are periodically re-verified (MAY)
• The receiver ensures any displayed data it properly encoded/filtered to prevent XSS attacks (MUST)
• Respects a self-imposed limit on the time spent fetching the source URL (SHOULD)
• Respects a self-imposed limit on the number of bytes fetched from the source URL (SHOULD)
• The receiver accepts additional parameters or headers, and so has CSRF protection (SHOULD)

Extensions

This implementation has also implemented the following extensions.

• Salmention
• Vouch
• Other: _______