Conversation
supportI had some javascript in the custom button code field that has always worked until recently. Now, the script does get run as javascript, and instead just displays text on the screen. I assume something has changed in a recent update. The page I need help with: [ log in to see the link]
Hi! Sorry for the inconvenience caused 😕, it is indeed due to a recent security update that prevents adding scripts to backend fields to prevent any malicious code execution (and enhance overall security). We recommend placing your script in the footer of your website or using a separate JavaScript file. You can target the button using a custom selector within the script (which is likely already the case). We are exploring alternative solutions to avoid having to do the above, if you need assistance with this or have any questions, feel free to ask us here: https://help.wpdarko.com/en ! A dev from our team can help you get it to work! This reply was modified 2 years, 3 months ago by WP Darko .
It also strips out any “onclick” code, etc. I don’t see any warning or text in the admin screen saying you can’t use javascript in that section. Might be good to at least add that to the info pop-up.
It makes sense, you are right, we have patched several plugins already and we should either add a notice to the backend or find a smoother way to deal with custom scripts. Again, very sorry for the inconvenience caused, if you need any help with getting your scripts to work, please let us know and we will look into it ( https://help.wpdarko.com/en )
Similar thread here: https://wordpress.org/support/topic/paypal-buttons-not-working-in-table/
Hello, Good news! It might work now with v5.1.12 . We have worked on a fix with the help of the nice people at WPScan. Administrators and Editors can now add unfiltered HTML to the custom button field. I do not know what your custom snippet looks like so I can’t confirm that it’ll work 100% but you should definitely try. Note that you might need to publish your pricing table again (hit Publish) in order to save the snippet in your database. This reply was modified 2 years, 2 months ago by WP Darko . This reply was modified 2 years, 2 months ago by WP Darko .
Hi! Sorry for the inconvenience caused 😕, it is indeed due to a recent security update that prevents adding scripts to backend fields to prevent any malicious code execution (and enhance overall security). We recommend placing your script in the footer of your website or using a separate JavaScript file. You can target the button using a custom selector within the script (which is likely already the case). We are exploring alternative solutions to avoid having to do the above, if you need assistance with this or have any questions, feel free to ask us here: https://help.wpdarko.com/en ! A dev from our team can help you get it to work! This reply was modified 2 years, 3 months ago by WP Darko .
It also strips out any “onclick” code, etc. I don’t see any warning or text in the admin screen saying you can’t use javascript in that section. Might be good to at least add that to the info pop-up.
It makes sense, you are right, we have patched several plugins already and we should either add a notice to the backend or find a smoother way to deal with custom scripts. Again, very sorry for the inconvenience caused, if you need any help with getting your scripts to work, please let us know and we will look into it ( https://help.wpdarko.com/en )
Similar thread here: https://wordpress.org/support/topic/paypal-buttons-not-working-in-table/
Hello, Good news! It might work now with v5.1.12 . We have worked on a fix with the help of the nice people at WPScan. Administrators and Editors can now add unfiltered HTML to the custom button field. I do not know what your custom snippet looks like so I can’t confirm that it’ll work 100% but you should definitely try. Note that you might need to publish your pricing table again (hit Publish) in order to save the snippet in your database. This reply was modified 2 years, 2 months ago by WP Darko . This reply was modified 2 years, 2 months ago by WP Darko .