Making “Widgets for Google Reviews of Trustindex” a bit more GDPR compliant

So I found this topic on why Trustindex’s plugin Widgets for Google Reviews uses an external 3rd party CDN to load their images.

I solved it by overwriting the HTML of the plugin’s shortcode HTML:

add_filter('do_shortcode_tag', function ( $output, $tag ) {

    if ( 'trustindex' === $tag ) {
        $output = str_replace('https://cdn.trustindex.io/assets/platform/Google/logo.svg', get_stylesheet_directory_uri() . '/assets/images/logo-google.svg', $output );

        $output = str_replace('https://cdn.trustindex.io/assets/platform/Google/icon.svg', get_stylesheet_directory_uri() . '/assets/images/logo-google-icon.svg', $output );

        $output = str_replace('https://cdn.trustindex.io/assets/platform/Google/star/f.svg', get_stylesheet_directory_uri() . '/assets/images/review-start-f.svg', $output );

        $output = str_replace('https://cdn.trustindex.io/assets/platform/Google/star/e.svg', get_stylesheet_directory_uri() . '/assets/images/review-start-e.svg', $output );
	}
	return $output;
}, 10, 2);

And overwrite the CSS of the plugin so that the plugin’s CSS rule won’t be loaded.

div.ti-widget .source-Google .ti-star.f {
	background-image: url("assets/images/review-star-f.svg");
}

div.ti-widget .source-Google .ti-star.e {
	background-image: url("assets/images/review-star-e.svg");
}

div.ti-widget .source-Google .ti-review-header::after {
	background-image: url("assets/images/logo-google-icon.svg");
}

You need to save these images in your theme’s directory /assets/images/

• review-start-f.svg
• review-start-e.svg
• logo-google.svg
• logo-google-icon.svg

Why no fix?

I don’t understand why Trustindex doesn’t want to fix this bug to prevent the assets from loadng from their CDN. Yes, a CDN helps with delivering the assets faster and optimal, but that’s a concern if the website-builder themselves.

WordPress itself and the Twenty* themes have also offloaded their fonts from Google Fonts. So what make them so special to do this, I thought :)

The whole issue is that it’s located and handled outside of the EU. German and Austrian law have already concluded that although organisations say that they comply to the GDPR, goverment bodies are not allowed to use for example Google or Microsoft products. (Please correct me if I’m wrong @peterharlander).

But let’s hope that the new version will take in account the GDPR laws some more.

Ciao!