add switch for commited/remote js and security section to readme

README.md

@@ -6,7 +6,7 @@ This small module is to help you add the [Women's Refuge Shielded Site button](h
 
 This code will help you add the shield to your SilverStripe website.
 
-Select the preferred size in your SiteConfig, and the `WomensRefugeShieldControllerExtension` will inject the necessary javascript and css in to your pages.
+Select the preferred size in your SiteConfig, and the `WomensRefugeShieldControllerExtension` will inject the necessary Javascript and CSS in to your pages.
 
 That's all there is to it.
 
@@ -26,6 +26,25 @@ Alternatively, you can include `$WomensRefugeShieldButton` anywhere in your temp
 
 ![Button in the footer](img/screenshots/button_in_footer.PNG?raw=true)
 
+## Security
+
+This module does allow Javascript from a third-party source, and as such should be treated with a level of caution. Theoretically, this could change at any time. As a result, a copy of the Javascript has been included in the module, which will be periodically updated when the remote script is.
+
+By default, the module will use the committed version of the Javascript. To authorise the use of the remote version, add the following to your site config:
+
+```yaml
+WomensRefugeShieldControllerExtension:
+  use_remote_js: true
+```
+
+We have spoken with the original authors of the script, and it has undergone security testing, in particular with regards to:
+
+- How well the site meets the objectives of being difficult to detect.
+- How secure the Shielded Site is.
+- Whether the inclusion of the Shielded Site introduces significant risk to sites it is hosted on.
+
+We are satisfied with this review, but each site is different and will have different requirements for you to consider.
+
 # Options
 
 You can view all the options on the [Women's Refuge Shielded Site website](https://shielded.co.nz/).
@@ -38,5 +57,5 @@ You can view all the options on the [Women's Refuge Shielded Site website](https
 # Special Thanks
 
 - Katie Elks for the inspiration!
-- Simon Erkelens for the module Skeleton!
+- Simon Erkelens for the module skeleton!
 - [Women's Refuge New Zealand](https://shielded.co.nz/) for the implementation!

code/WomensRefugeShieldControllerExtension.php

@@ -1,32 +1,47 @@
 <?php
 
-
 /**
  * Class WomensRefugeShieldControllerExtension
  *
  * @property ContentController $owner
  */
 class WomensRefugeShieldControllerExtension extends Extension
 {
+    /**
+     * @var bool
+     * @config
+     */
+    private static $use_remote_js = false;
+
+    private $jsDir = SS_WOMENS_REFUGE_DIR . DIRECTORY_SEPARATOR . 'javascript' . DIRECTORY_SEPARATOR;
 
     public function onAfterInit()
     {
         $config = SiteConfig::current_site_config();
-        $jsDir = SS_WOMENS_REFUGE_DIR . DIRECTORY_SEPARATOR . 'javascript' . DIRECTORY_SEPARATOR;
         switch ($config->ShieldCode) {
             case 1:
-                Requirements::javascript('https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js');
-                Requirements::javascript($jsDir.'large_tab.js');
+                $this->requireCoreJS();
+                Requirements::javascript($this->jsDir . 'large_tab.js');
                 break;
             case 2:
-                Requirements::javascript('https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js');
-                Requirements::javascript($jsDir.'small_tab.js');
+                $this->requireCoreJS();
+                Requirements::javascript($this->jsDir . 'small_tab.js');
                 break;
         }
     }
 
     public function getWomensRefugeShieldButton()
     {
+        $this->requireCoreJS();
         return $this->owner->renderWith('WomensRefugeShieldButton');
     }
+
+    protected function requireCoreJS()
+    {
+        if (Config::inst()->get(self::class, 'use_remote_js')) {
+            Requirements::javascript('https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js');
+        } else {
+            Requirements::javascript($this->jsDir . 'k33spt.min.js');
+        }
+    }
 }

code/WomensRefugeShieldSiteConfigExtension.php

@@ -8,19 +8,18 @@
  */
 class WomensRefugeShieldSiteConfigExtension extends DataExtension
 {
-
     private static $db = array(
         'ShieldCode' => 'Int'
     );
 
     public function updateCMSFields(FieldList $fields)
     {
         $fields->addFieldToTab('Root.Main',
-            $selector = DropdownField::create('ShieldCode', 'Select the type of shield to display', [
-            1 => 'Large Tab',
-            2 => 'Small Tab',
-            3 => 'None',
-        ]));
-        $selector->setEmptyString('-- Choose your shield --');
+            DropdownField::create('ShieldCode', 'Select the type of shield to display', [
+                1 => 'Large Tab',
+                2 => 'Small Tab',
+                3 => 'None',
+            ])->setEmptyString('-- Choose your shield --')
+        );
     }
 }

templates/WomensRefugeShieldButton.ss

@@ -1,4 +1,3 @@
-<% require javascript("https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js") %>
 <% require javascript("womens-refuge-shield/javascript/button.js") %>
 <% require css("womens-refuge-shield/css/button.css") %>