Former Member

What is the best way to add JavaScript to a certain component or page via WCMS or HMC (i.e. without release)?

When attempting to add JavaScript to a CMSParagraphComponent, the WYSIWYG editor removes the script tag and comments out the JavaScript code.


4 Answers

  • Best Answer
    Former Member
    Posted on Aug 12, 2014 at 05:16 PM

    Hi Visilious,

    For security purposes, hybris implements XSS filtering to any content posted to the server. These are regex rules that control what is allowed/denied to be posted. Part of this filtering is by default to remove the JavaScript tags from any input data. There are two ways to modify this:

    1. Modify the XSS rules

    Since version 5.0.3, you can manually control these rules:

    https://wiki.hybris.com/display/release5/Web+Security+XSS+Filter

    You can override or modify the rules by adding them in your local.properties file and changing their values e.g:

     xss.filter.rule.script_fragments=
     xss.filter.rule.lonely_script_tags=
     xss.filter.rule.lonely_script_tags2=
     xss.filter.rule.javascript=
    
    

    2. Modify the WYSIWYG Editor configuration

    Basically extend the class WysiwygEditor and override the method createCockpitFCKEditor. In this method, before returning the CockpitFCKEditor instance, add your attributes. Then set the bean to point to your Wysiwyg editor class instead of the original one. Build, restart and test. See this PLA:

    https://jira.hybris.com/browse/PLA-10842

    Hope this helps.

    Musab.


  • Former Member
    Posted on Aug 11, 2014 at 05:30 PM

    Hi Vasilios,

    You are right in saying that these tags are automatically removed; the editor removes non-HTML markup such as JavaScript.

    A possible solution brought up would be to allow all HTML tags, including JavaScript tags in TinyMCE (in the wysiwygeditor config):

     valid_elements : '*[*]'
    
    

    https://wiki.hybris.com/display/release5/TinyMCE+Editor

    Best regards,

    Niko


  • Former Member
    Posted on Mar 02, 2016 at 04:44 PM

    Hello, I'm facing the same issue while editing CMS paragraph component, the javascript script tags are being removed. I tried editing it in hmc > WCMS components.

    Also I tried by setting xss filter = false, but no luck!

    XSS filter properties look as below:

     xss.filter.enabled=false
     xss.filter.action=STRIP
     xss.filter.rule.script_fragments=
     xss.filter.rule.src=
     xss.filter.rule.lonely_script_tags=
     xss.filter.rule.lonely_script_tags2=
     xss.filter.rule.eval=
     xss.filter.rule.expression=
     xss.filter.rule.javascript=
     xss.filter.rule.vbscript=
     xss.filter.rule.onload=

    Please help! Thanks..


    • Former Member

      Hi Sonam,

      Did you get any solution for the CMS paragraph component to avoid JavaScript being escaped in the WCMS?

      Could you please share it if possible?

      Thanks in advance.

      Best Regards, Ankur

  • Posted on Mar 03, 2016 at 02:53 AM

    You need to edit hmc.xml in hmc. If you've stored it in the db, great you can do it on the fly. Otherwise you need to edit the actual file. Find the part in the XML referencing the field that keeps cutting out javascript then adjust it like so. The extended valid elements part is most important.

                       <wysiwygeditor config="theme : 'advanced',
                         convert_urls : false,
                         plugins : 'table,save,advhr,advimage,advlink,emotions,iespell,insertdatetime,searchreplace,print,contextmenu,hybris,safari,charcount',
                         theme_advanced_buttons1_add : 'fontselect,fontsizeselect',
                         theme_advanced_buttons2_add : 'separator,insertdate,inserttime,separator,forecolor,backcolor',
                         theme_advanced_buttons2_add_before: 'cut,copy,paste,separator,search,replace,separator',
                         theme_advanced_buttons3_add_before : 'tablecontrols,separator',
                         theme_advanced_buttons3_add : 'emotions,iespell,advhr,separator,medialink,anyitemlink,preview,charcount',
                         theme_advanced_toolbar_location : 'top',
                         theme_advanced_toolbar_align : 'left',
                         plugin_insertdate_dateFormat : '%Y-%m-%d',
                         plugin_insertdate_timeFormat : '%H:%M:%S',                       
                         valid_elements:
                         '+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong[class|style],-b[class|style],-em[class|style],-i[class|style],-strike[class|style],-u[class|style],#p[id|style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border|alt=|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[id|style|dir|class|align],-h2[id|style|dir|class|align],-h3[id|style|dir|class|align],-h4[id|style|dir|class|align],-h5[id|style|dir|class|align],-h6[id|style|dir|class|align],hr[class|style],-font[face|size|style|id|class|dir|color],dd[id|class|title|style|dir|lang],dl[id|class|title|style|dir|lang],dt[id|class|title|style|dir|lang]',
                         extended_valid_elements :'*[*]',                 
                          
                         "/>
                             </attribute>
    
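Added example, not part of any answer above and not hybris code: the answers relax two separate controls, the `xss.filter.*` properties and the editor's `valid_elements` / `extended_valid_elements` whitelist, so a configuration review should be able to list every place where that was done. The sketch below does that for a properties file and an editor config; the sample inputs are constructed, the function names are hypothetical, and the properties parser is deliberately minimal (`key=value` lines only).

```python
import re

# Constructed sample inputs (not taken from a real system).
SAMPLE_PROPERTIES = """\
# local.properties (constructed)
xss.filter.enabled=false
xss.filter.action=STRIP
xss.filter.rule.script_fragments=
xss.filter.rule.javascript=
db.url=jdbc:hsqldb:mem:demo
"""
SAMPLE_HMC_XML = """\
<wysiwygeditor config="theme : 'advanced',
  valid_elements : 'p[class],br',
  extended_valid_elements :'*[*]',
"/>
"""

# Matches the allow-everything whitelist value quoted in the answers.
WILDCARD = re.compile(r"\b((?:extended_)?valid_elements)\s*:\s*'\*\[\*\]'")

def parse_properties(text):
    """Minimal key=value parser; later duplicates override earlier ones."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_properties(text):
    """Return findings for XSS filter settings changed as in the answers."""
    props = parse_properties(text)
    findings = []
    if props.get("xss.filter.enabled", "").lower() == "false":
        findings.append("xss.filter.enabled=false")
    for key in sorted(props):
        if key.startswith("xss.filter.rule.") and props[key] == "":
            findings.append(key + " is blank")
    return findings

def audit_editor_config(text):
    """Return the editor options set to the '*[*]' wildcard."""
    return sorted({m.group(1) for m in WILDCARD.finditer(text)})
```

Each finding marks a place where stored CMS content is no longer filtered on input, so the accounts allowed to edit that content become the effective control.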