Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Can't save form with 'href="javscript:(anything)"'
Hi,
I am editing a form.
I can save it with no problems, until I include href="javascript:(anything)"
For example <a href="javascript:void(0)" onclick="sb74_navbar_show()">Show</a>
Then I receive an error Sorry, the form could not be submitted. Please try again later.
Looking at the console, the POST request is returned with a 403 error.
I can save this string in a page with no problem. I only get the error when saving a form.
Is there something wrong with my server config, or is this normal behaviour?
Textpattern version: 4.8.4
Many thanks,
Sam
Last edited by sambooth74 (2021-02-21 16:28:32)
Offline
Re: Can't save form with 'href="javscript:(anything)"'
This is likely to be your webhost applying too stringent filters to content as a counterspam measure.
Best course of action – especially since you’ve established it’s throwing a 403 – is to write to them with an example of what you’re trying to post. Most hosts will tweak the filters to help out.
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
Re: Can't save form with 'href="javscript:(anything)"'
Bloke wrote #329005:
This is likely to be your webhost applying too stringent filters to content as a counterspam measure.
Best course of action – especially since you’ve established it’s throwing a 403 – is to write to them with an example of what you’re trying to post. Most hosts will tweak the filters to help out.
Do you have any idea why it would be accepted when saving a page, but not when saving a form? That seems to make it less likely to be a server issue. I will contact them though, thanks.
Offline
Re: Can't save form with 'href="javscript:(anything)"'
It is most odd, but the heuristics they use can vary from page to page depending on payload. It might be that the terms “form” plus “JavaScript” get bounced but when the same content is sent with the word “page” it’s fine.
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
Re: Can't save form with 'href="javscript:(anything)"'
This is resolved, and it was indeed my web host’s configuration of mod_security
I use Krystal, in case this post helps anyone else in the future.
Many thanks all.
Last edited by sambooth74 (2021-02-22 09:55:21)
Offline