Because of the commercial nature of the Envato networks, authors are expected to understand and respect the fact that using the forum to post links to one’s own items, or to give away free files to the community, is not allowed. This practice effectively undercuts the hard work of all authors who wish to sell their items fairly, and as such it is not tolerated.
It’s a grey area I know, especially when not really “giving away” an item, just linking to a public jQuery item. But I’ll go ahead and lock this one for now. In the past, authors have requested Envato permission to post links to free items or services. Maybe the next similar thread needs Envato staff permission (send a ticket) in order to keep the thread on topic.
Really you just gotta write the app properly from the ground up. Think about each request and what could be exploited with XSS and CSRF.
Eg: an Envato profile “follow” button. If you created a <img src="http://codecanyon.net/user_ajax/follow/418558" /> then everyone who views that image would automatically follow you. Thankfully Envato have placed a unique token that has to be submitted along with this request, so CSRF avoided.
Even this marketplace still has a few minor CSRF triggerable actions. Thankfully all the important ones (eg, deleting items) are protected with a postback auth token.
XSS is pretty easy to solve, just use
You need to purchase a license for the item in order to get support.
Please purchase a license, then request support from the item author (not via this general discussion forum).
After purchasing the item you may want to download it from this marketplace. 99% of the free imitation items out there contain viruses / hacks / backdoors so people can get into your website.