When using the code editors I typically experience XSS filters that prevent me from submitting. These are either browser reflected XSS filters or Apache mod_sec.
Avoiding these can be done via AJAX submission, but even better would be to encode our form data when submitting to the server.
Some workarounds are to disable mod_sec for some stuff, which is risky; we do use a nonce, so that helps a little.
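If your host allows it via .htaccess:

```
# disables mod_sec for specific ip and post only
SetEnvIf Remote_Addr ^xxx\.xxx\.xxx\.xxx$ MODSEC_ENABLE=Off
# SetEnvIf has no "!" regex negation; a negative lookahead matches every method except POST
SetEnvIf Request_Method ^(?!POST$) MODSEC_ENABLE=On
```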
You can also disable specific mod_sec rules if you can identify them, or specify specific pages and forms.
Did a quick and dirty test encoder that can be done with a plugin via hooks.
Obviously needs testing and has no base64 fallback for browsers that do not support btoa.
No clue what the char support is for Unicode etc., but you get the gist; could always do some serializing or a custom encoder, $val.serialize() etc.
```
// use php or js to target which pages, depending on which hooks and where you output
// <?php if (get_filename_id() == 'components'){ ?>
<script>
$(document).ready(function () {
  $("#components form.manyinputs").submit(function (e) {
    e.preventDefault();
    var form = this;
    // base64-encode every component textarea before the form is sent
    $(form).find($("textarea[name='val[]']")).each(function () {
      var $newval = btoa($(this).val());
      // console.log($newval);
      $(this).val($newval);
    });
    // flag telling the server that the values arrive encoded
    $("form.manyinputs").append($("<input name=encoded value=true>"));
    form.submit(); // submit bypassing the jQuery bound event
  });
});
</script>
// <?php } ?>
```
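The encoder in the comment above calls `btoa` directly, which throws on characters outside Latin-1 and has no fallback where `btoa` is missing. The following is an added example, not part of the original comment, of a Unicode-safe encoder with a pure-JavaScript fallback; `encodeField` and `bytesToBase64` are hypothetical names, and the server is assumed to base64-decode each value and read it as UTF-8.

```javascript
// Added example (not from the original thread). Names are hypothetical.
var B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Constructed sample of what a component textarea might hold.
var SAMPLE = '<div class="caf\u00e9">\u20ac 5 <script>init()</script></div>';

// Base64-encode a byte array without relying on btoa (fallback path).
function bytesToBase64(bytes) {
  var out = "";
  for (var i = 0; i < bytes.length; i += 3) {
    // Pack up to three bytes into one 24-bit group; missing bytes count as 0.
    var n = (bytes[i] << 16) | ((bytes[i + 1] || 0) << 8) | (bytes[i + 2] || 0);
    out += B64[n >> 18] + B64[(n >> 12) & 63];
    // Pad with "=" where the input ran out before the group was full.
    out += i + 1 < bytes.length ? B64[(n >> 6) & 63] : "=";
    out += i + 2 < bytes.length ? B64[n & 63] : "=";
  }
  return out;
}

// Encode one field value: UTF-8 bytes first, then base64.
function encodeField(text) {
  var bytes = new TextEncoder().encode(text);
  if (typeof btoa === "function") {
    // btoa only accepts code points 0-255, so feed it one char per byte.
    var bin = "";
    for (var i = 0; i < bytes.length; i++) {
      bin += String.fromCharCode(bytes[i]);
    }
    return btoa(bin);
  }
  return bytesToBase64(bytes);
}
```

In the submit handler, `encodeField($(this).val())` would take the place of `btoa($(this).val())`. Once the values are encoded the filter no longer sees their plaintext, so the nonce check and any sanitising have to run on the server after decoding.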