Error when pasting video embed code with script inside CKEditor

Yoyo Bubble asked on May 31, 2018 22:35

Ahoy, Kentipeeps!

Hope all is well with you!

I've decided to come back and revise this question based on some new information.

Overview: I've created a simple widget that a content editor can use to add a video to a page. It has a field where they can paste in a video embed code snippet. The code we're attempting to use contains a script tag that is required for some added functionality from the video vendor.

Issue: When you insert the widget into a widget zone, everything works as intended. The problem is when you insert the widget into the CKEditor(WYSIWYG), it will not work. Not only will it not work but the browser will display this error - in Chromes case:

Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards).

But this also occurs in other major browsers.

I was provided an answer to why I would recieve this error below (Thanks Zach) - The browser thinks I'm inserting a malicious script. But I haven't been able to find an actual solution to get this widget to work in the CKEditor.

So the real question is: Is there a way to paste video embed code, or I guess just a script in general, into the CKEditor and not have it break?

I am stuck on this one so I am grateful for any help lol

Thanks! YoYo Bubs

Kentico 4Ever

SiteCore Never

Correct Answer

Sir McShneebles answered on June 25, 2018 20:18

I have travelled far and wide, met with many scholars and so-called wiseman, But this issue still eludes me.

Yoyo, have you tried changing the data type of the field you are entering your code into to 'long text'.

This could be your solution supreme.

Regards,

Sir McShneebles

1 votesVote for this answer Unmark Correct answer

Recent Answers

Zach Perry answered on May 31, 2018 22:57

What version of chrome are you using?

What is the error code at the bottom?

Read this article

0 votesVote for this answer Mark as a Correct answer

Yoyo Bubble answered on June 1, 2018 21:01

Hey Zach,

Thanks for the reply! That link was helpful in figuring out why this is happening but, unfortunatley, it won't solve the issue since we can't depend on our CMS users to be able to update their Chrome client to disable the XSS auditor.

My Chrome versions is Version 67.0.3396.62 (Official Build) (64-bit)

I pasted the error I recieved in the opening question unless you meant something else.

I've actually discovered this issue is occuring in other browsers as well - not just Chrome. The issue seems to be that the WYSIWYG editor can't contain any JS scripts. If anyone knows of a way to be able to get a JS script to work in the WYSIWYG editor then that should solve the issue.

Thanks in advance, Kenticans!

0 votesVote for this answer Mark as a Correct answer

Sir McShneebles answered on June 12, 2018 22:46

I do say sir, that this question is mostly preposterous and at the same time quite pontiferous!

Have you tried changing your browser to Firefoxly?

Regards,

Sir McShneebles

0 votesVote for this answer Mark as a Correct answer