add switch for commited/remote js and security section to readme

README.md

@@ -26,6 +26,25 @@ Alternatively, you can include `$WomensRefugeShieldButton` anywhere in your temp
 
 ![Button in the footer](img/screenshots/button_in_footer.PNG?raw=true)
 
+## Security
+
+This module does allow Javascript from a third-party source, and as such should be treated with a level of caution. Theoretically, this could change at any time. As a result, a copy of the Javascript has been included in the module, which will be periodically updated when the remote script is.
+
+By default, the module will use the committed version of the Javascript. To authorise the use of the remote version, add the following to your site config:
+
+```yaml
+AndrewAndante\WomensRefugeShield\ControllerExtension:
+  use_remote_js: true
+```
+
+We have spoken with the original authors of the script, and it has undergone security testing, in particular with regards to:
+
+- How well the site meets the objectives of being difficult to detect.
+- How secure the Shielded Site is.
+- Whether the inclusion of the Shielded Site introduces significant risk to sites it is hosted on.
+
+We are satisfied with this review, but each site is different and will have different requirements for you to consider.
+
 ## Versioning
 
 - version 1.x is for SilverStripe 3
@@ -42,5 +61,5 @@ You can view all the options on the [Women's Refuge Shielded Site website](https
 # Special Thanks
 
 - Katie Elks for the inspiration!
-- Simon Erkelens for the module Skeleton!
+- Simon Erkelens for the module skeleton!
 - [Women's Refuge New Zealand](https://shielded.co.nz/) for the implementation!

code/ControllerExtension.php

@@ -3,36 +3,51 @@
 namespace AndrewAndante\WomensRefugeShield;
 
 use SilverStripe\CMS\Controllers\ContentController;
+use SilverStripe\Core\Config\Config;
 use SilverStripe\Core\Extension;
 use SilverStripe\SiteConfig\SiteConfig;
 use SilverStripe\View\Requirements;
 
-
 /**
  * Class AndrewAndante\WomensRefugeShield\ControllerExtension
  *
  * @property ContentController $owner
  */
 class ControllerExtension extends Extension
 {
+    /**
+     * @var bool
+     * @config
+     */
+    private static $use_remote_js = false;
 
     public function onAfterInit()
     {
         $config = SiteConfig::current_site_config();
         switch ($config->ShieldCode) {
             case 1:
-                Requirements::javascript('https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js');
+                $this->requireCoreJS();
                 Requirements::javascript('andrewandante/womens-refuge-shield: javascript/large_tab.js');
                 break;
             case 2:
-                Requirements::javascript('https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js');
+                $this->requireCoreJS();
                 Requirements::javascript('andrewandante/womens-refuge-shield: javascript/small_tab.js');
                 break;
         }
     }
 
     public function getWomensRefugeShieldButton()
     {
+        $this->requireCoreJS();
         return $this->owner->renderWith('WomensRefugeShieldButton');
     }
+
+    protected function requireCoreJS()
+    {
+        if (Config::inst()->get(self::class, 'use_remote_js')) {
+            Requirements::javascript('https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js');
+        } else {
+            Requirements::javascript('andrewandante/womens-refuge-shield: javascript/k33spt.min.js');
+        }
+    }
 }

code/SiteConfigExtension.php

@@ -16,18 +16,22 @@
 class SiteConfigExtension extends DataExtension
 {
 
-    private static $db = array(
-        'ShieldCode' => 'Int'
-    );
+    private static $db = [
+        'ShieldCode' => 'Int',
+    ];
+
+    private static $defaults = [
+        'UseShieldModuleJs' => false,
+    ];
 
     public function updateCMSFields(FieldList $fields)
     {
-        $fields->addFieldToTab('Root.Main',
-            $selector = DropdownField::create('ShieldCode', 'Select the type of shield to display', [
-            1 => 'Large Tab',
-            2 => 'Small Tab',
-            3 => 'None',
-        ]));
-        $selector->setEmptyString('-- Choose your shield --');
+        $fields->addFieldsToTab('Root.Main', [
+            DropdownField::create('ShieldCode', 'Select the type of shield to display', [
+                1 => 'Large Tab',
+                2 => 'Small Tab',
+                3 => 'None',
+            ])->setEmptyString('-- Choose your shield --')
+        ]);
     }
 }

templates/WomensRefugeShieldButton.ss

@@ -1,4 +1,3 @@
-<% require javascript("https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js") %>
 <% require javascript("andrewandante/womens-refuge-shield: javascript/button.js") %>
 <% require css("andrewandante/womens-refuge-shield: css/button.css") %>