Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2021-02-21 16:27:00

sambooth74
Member
From: Sheffield, England
Registered: 2020-11-24
Posts: 12
Website

Can't save form with 'href="javscript:(anything)"'

Hi,

I am editing a form.

I can save it with no problems, until I include href="javascript:(anything)"

For example <a href="javascript:void(0)" onclick="sb74_navbar_show()">Show</a>

Then I receive an error Sorry, the form could not be submitted. Please try again later.

Looking at the console, the POST request is returned with a 403 error.

I can save this string in a page with no problem. I only get the error when saving a form.

Is there something wrong with my server config, or is this normal behaviour?

Textpattern version: 4.8.4

Many thanks,

Sam

Last edited by sambooth74 (2021-02-21 16:28:32)

Offline

#2 2021-02-21 19:40:14

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,089
Website

Re: Can't save form with 'href="javscript:(anything)"'

This is likely to be your webhost applying too stringent filters to content as a counterspam measure.

Best course of action – especially since you’ve established it’s throwing a 403 – is to write to them with an example of what you’re trying to post. Most hosts will tweak the filters to help out.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#3 2021-02-21 19:43:24

sambooth74
Member
From: Sheffield, England
Registered: 2020-11-24
Posts: 12
Website

Re: Can't save form with 'href="javscript:(anything)"'

Bloke wrote #329005:

This is likely to be your webhost applying too stringent filters to content as a counterspam measure.

Best course of action – especially since you’ve established it’s throwing a 403 – is to write to them with an example of what you’re trying to post. Most hosts will tweak the filters to help out.

Do you have any idea why it would be accepted when saving a page, but not when saving a form? That seems to make it less likely to be a server issue. I will contact them though, thanks.

Offline

#4 2021-02-21 19:47:35

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,089
Website

Re: Can't save form with 'href="javscript:(anything)"'

It is most odd, but the heuristics they use can vary from page to page depending on payload. It might be that the terms “form” plus “JavaScript” get bounced but when the same content is sent with the word “page” it’s fine.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#5 2021-02-22 09:54:53

sambooth74
Member
From: Sheffield, England
Registered: 2020-11-24
Posts: 12
Website

Re: Can't save form with 'href="javscript:(anything)"'

This is resolved, and it was indeed my web host’s configuration of mod_security

I use Krystal, in case this post helps anyone else in the future.

Many thanks all.

Last edited by sambooth74 (2021-02-22 09:55:21)

Offline

Board footer

Powered by FluxBB