Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Some characters are being escaped in the snippet produced by the Google Analytics module that's causing JavaScript errors. E.g. if your snippet has a "&" in it, the output <script>
tag will have it as &
so it breaks if
statements that has an and (&&) operator.
This is due to #attachment
values being run through Xss::filterAdmin()
in HtmlTag::preRenderHtmlTag()
class.
There's an issue in core to discuss how to improve this.
To reproduce the problem, simply put a alert("&");
in either in the "Code snippet (before)" or "Code snippet (after)" fields you'll see it will output &
Comment | File | Size | Author |
---|---|---|---|
#14 | Issue-2821815-by-hass-mxh-How-to-add-JavaScript-to-h.patch | 2.21 KB | hass |
| |||
#5 | Issue-2821815-by-recidive-hass-Escaping-characters-i.patch | 3.38 KB | hass |
#3 | Issue-2821815-by-hass-Add-test.patch | 1.76 KB | hass |
#2 | google_analytics-2821815-1.patch | 2.15 KB | recidive |
Comments
Comment #2
recidive CreditAttribution: recidive commentedThe attached patch adds a new class JavaScriptSnippet that implements MarkupInterface in order to bypass the
Xss::filterAdmin()
call.Comment #3
hass CreditAttribution: hass commentedComment #5
hass CreditAttribution: hass commentedComment #7
hass CreditAttribution: hass commentedMany many thanks for your patch!
Comment #8
hass CreditAttribution: hass commentedComment #10
hass CreditAttribution: hass commentedJust a simplified test.
Comment #11
hass CreditAttribution: hass commentedComment #13
hass CreditAttribution: hass commentedComment #14
hass CreditAttribution: hass commentedComment #15
hass CreditAttribution: hass commentedStay with #5