Script Tag in "After the form is submitted" display text

Danny Winbourne asked on December 8, 2021 10:46

Previously (in Kentico Version 12), we were able to include a <script> tag in the "Display text" for after a form is submitted.

But, since upgrading to Kentico 13, the <script> tag is displayed literally on the page, and not included as an actual tag.

I have tried encoding the tag, but this didn't work.

Correct Answer

Zoltán Jalsovszky answered on December 8, 2021 12:09

Hi Danny,

Using <script> tags (or any HTML) in the Display text property was never officially possible. In order to avoid XSS attacks, HTML tags are not allowed in this property.

If you need to do a complex action upon form submission, we recommend using the Redirect to URL option instead, where you can execute your script on the confirmation page.


Recent Answers


Danny Winbourne answered on December 8, 2021 12:12

Thank you Zoltán.

For the benefit of others, was this the issue fixed "Self Cross-site scripting when submitting forms" in 13.0.27?


Zoltán Jalsovszky answered on December 8, 2021 12:59

Danny, 13.0.27 fixes another security issue and is not related to this. The issue with the Display text property was fixed in 13.0.0 (meaning that using HTML tags was still possible in Kentico 12, but not possible any more in Xperience 13).
