Using <script> tags in html and raw blocks

I'm trying to use the cytoscape.js library to include a network visualization, and neither the raw nor html blocks seem to save with <script> tags present. 

 

Is this supposed to be a security feature, and if so how do the developers want us to run scripts?

  • View
    1538
  • More
Replies (14)

    • Hello

      HTML block allows to use common HTML tags to format the text only. It doesn't allow to use SCRIPT tag.

      RAW block displays its content as is. So, you should be able to include JS file using SCRIPT tag. I tried to include some JS from Google and it's working fine.

      ---
      Best Regards
      Anton

      • E

        Interesting. When I try to include a SCRIPT tag in a RAW block it wont save it, and just spins it's wheel indefinitely.

        Could you share the snippet of code that you got to save and work in a RAW block? 

        • I used the following:

          <script>alert(111);</script>
          <script src="https://www.google-analytics.com/analytics.js"></script>

          When I viewed the page I got the alert first and then found (using dev console) the loaded JS.

          • E

            I still get the same problem of it not saving. I've tried using both Chrome and Firefox now :-/

             

            Just to make sure we're doing the same thing. I added a RAW block to a page and then copy and pasted your code into the content box. However, once I hit save I still just get the spinning UNA symbol indefinitely :(

            Is there some sort of permission that I might need to change do you think?

            Thanks for your help! :)

            • Could you please provide access to your site's Studio to check this problem ? Also what is the page you are adding raw block to ?

              • It maybe you have some security software installed on your server, like mod_security for apache, please try to place .htaccess file into /studio/ folder with the following content:

                <IfModule mod_security.c>
                    SecFilterEngine Off
                    SecFilterScanPOST Off
                </IfModule>

                • E

                  I added your code snippet to the .htaccess file in una's studio folder, but it doesn't seem to have fixed it. Though maybe it will just take awhile for it to update? 

                  • E

                    Sadly that didn't seem to fix it :(

                    • Could you please try to insert this code into .htaccess in root folder of your domain:

                      <IfModule mod_security.c>
                          SecFilterEngine Off
                          SecFilterScanPOST Off
                      </IfModule>

                      • E

                        Thanks for your help, but that still didn't fix it :(

                        Do I need to download the mod_security.c file and put it somewhere? I don't see it in the UNA installation anywhere, but I don't see a security module in the Apps Market either... 

                        • It maybe it's related to some other security software on your server, or even in your browser.

                          Is it possible to deactivate mod_security on your web-server to ensure that the problem isn't in it ?

                          • E

                            It's fixed! I talked to my web host, and they white listed some mod_security rules that had been triggered.They said I could have it deactivated, but the whitelisting seemed to do the trick on it's own.

                             

                            Thanks for all the help again! :D

                            • F

                              Ok thanks i try

                               

                              • F

                                Ok thanks have resolve

                                Login or Join to comment.