All the forms on my site are showing an XSS attempt error on submission. They were working, not sure what changed to prevent them from working.
I have tried to remove cache and I removed the CSRF field from one of the forms but nothing changed.
CMSMS Version 2.2.15
CMSMailer 6.2.14
FormBuilder 1.1
FormBuilder submit error: XSS attempt!
-
- Forum Members
- Posts: 25
- Joined: Mon Jan 02, 2017 10:27 pm
Re: FormBuilder submit error: XSS attempt!
I only run into this when trying to resend the form (refresh page) or sending too often within short time periods (what happens while developing, but not regulary).
I came to the idea it could have issues with the cookies … especially the admin-cookies … because, when I used another Browser (developing with Firefox switching to Chrome or vice versa) in incognito mode, it worked every single time without a single error.
Hence the most important question was for me: Will the user run into an error too?
And as far I could tell: No, he probalby won't.
If I can avoid errors by browsing incognito, it'll probably work for the user too.
This new feature is probably really nice … however I'd really wish I could track the number of such errors.
While the URL is not different at all, and also I could not find any kind of adjustable content* where I could place an UDT (for example, to increment a number in a text file or set up a log) I thought this may be tricky to trust.
* Altering the translation file is maybe not best practise. Also I don't know if I could run PHP oder Smarty from a translation variable.
I came to the idea it could have issues with the cookies … especially the admin-cookies … because, when I used another Browser (developing with Firefox switching to Chrome or vice versa) in incognito mode, it worked every single time without a single error.
Hence the most important question was for me: Will the user run into an error too?
And as far I could tell: No, he probalby won't.
If I can avoid errors by browsing incognito, it'll probably work for the user too.
This new feature is probably really nice … however I'd really wish I could track the number of such errors.
While the URL is not different at all, and also I could not find any kind of adjustable content* where I could place an UDT (for example, to increment a number in a text file or set up a log) I thought this may be tricky to trust.
* Altering the translation file is maybe not best practise. Also I don't know if I could run PHP oder Smarty from a translation variable.
Re: FormBuilder submit error: XSS attempt!
I was finally able to reproduce this issue... it's fixed in SVN and I'll release the new version as soon as I have some time to cut it. Thanks.
"There are 10 types of people in this world, those who understand binary... and those who don't."
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
- master3395
- Forum Members
- Posts: 94
- Joined: Mon Mar 30, 2015 7:13 am
- Location: Norway
Re: FormBuilder submit error: XSS attempt!
Did you find any time to update this
I got the same issue on my end today.
- timdebuurman
- Power Poster
- Posts: 891
- Joined: Sun Nov 06, 2011 8:15 pm
- Location: Deventer, Netherlands
Re: FormBuilder submit error: XSS attempt!
Hi, I came across this issue today. Any idea on when the new release may come?
NextDoorMedia - Online Marketing Partner
https://www.nextdoormedia.nl
https://www.nextdoormedia.nl
Re: FormBuilder submit error: XSS attempt!
I will do some more minor fixes and tests and will release a new version this week.
- + - + - + - + - + - + -
LATEST TUTORIAL AT CMS CAN BE SIMPLE:
Migrating Company Directory module to LISE
Migrating Company Directory module to LISE
- + - + - + - + - + - + -