Opened 5 years ago
Last modified 4 years ago
#48497 new defect (bug)
If preformatted block contains "<script>" tag page would not save
Reported by: | martynasma | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.2.4 |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
If preformatted block content contains "<script>" (with or without any attributes), saving page fails with an error "Updating failed".
This happens even with < and > are encoded:
<pre class="wp-block-preformatted"><script></pre>
Change History (3)
#2
@
5 years ago
5.3 has same issue, just with a bit different error wording:
"Updating failed. Error message: The response is not a valid JSON response."
#3
@
5 years ago
Sounds similar to the issue here: #48268
I don't know if the issue I face is exactly the same, but at least looks similar.
I cannot save any page, which contain a shortcode, which contain a call to a java-script method
For example:
onload="resizeIframe(this)"
In my case I try to resize an iframe with the advanced-iframe plugin. The full shortcode looks like this:
advanced_iframe src="https://xxx.com/script.php?parameter=value" frameborder="0" scrolling="no" onload="resizeIframe(this)"
In an html block above I'v defined the resizeIframe method.
<script> function resizeIframe(iframe) { iframe.height = "10px" // required for reducing the size iframe.height = iframe.contentWindow.document.body.scrollHeight + "px"; } </script>
If I remove the part
onload="resizeIframe(this)
from the shortcode I can successfully save the page. With I can't.
I've tried already with disabled plugins and default theme.
Looks like the issue is not limited to preformatted block. Any regular paragraph block containing
<script>
will prevent page from saving.