

Ask HN: Review my First Open Source Project - CommentWidget - andrewljohnson
http://www.trailbehind.com/comment_widget/

======
lacker
It's funny how many of the comments on your site are people trying to break
your security with <script> tags and the like. Good work so far in resisting
them ;-)

------
sketerpot
It would be a lot cooler if you added default CSS styling that made the
comments look aesthetically pleasing. And documented the API for changing it.

Right now it looks like the basic functionality is there, but it would catch
on a lot easier if it looked unobtrusively snazzy.

~~~
andrewljohnson
Yeah, I definitely need to add a nicer CSS default.

For now, you can just override the CSS in comments.css to skin the widget. The
CSS is very simple now - just four different classes.

------
andrewljohnson
I also wrote a short blog about the project at:
<http://www.trailbehind.com/user/andrewljohnson/blog/>

I'm very curious to hear criticism of the code, so let me know if you spot
bugs or bad style.

~~~
thepanister
This is so cool...

But did you think of security? To prevent automation for example?

~~~
andrewljohnson
Yeah, on TrailBehind.com proper, I have an auth system in place, and a bit of
javascript to let users log in mid-action.

For this demo, there is no auth, so a bot could definitely spam it, but it
will work ok on your site if you have some sort of auth set up.

Later, I also want to integrate captcha with this, and I'll release my login
ajax as an add-on.

~~~
thepanister
It would be so cool if you keep allowing users to comment without login... or
even with their Facebook account - Connect.

You can work around this to prevent automation, by IP detection... like each
IP can't submit more than 10 comments in an hour at the same domain name, and
such similar techniques.

You can distrebute it, to let anyone use it at their websites.

~~~
smokey_the_bear
yeah, maybe if you added in a comment rating system, or at least a spam
button, it could sort itself out.

------
Raphael
Don't let someone post the default text, "Your comment goes here."

------
rokhayakebe
Maybe let users login using their Facebook ID. Integrate with Gravatar. Really
nice job.

------
thepanister
You may consider using clickpass for logins, if you will require login.
<http://www.clickpass.com/>

