Blog items tagged with "security"

Where, Oh Where Has My Little Script Gone...

Scripting...oh where, oh where can it be!  Was your web site running a script that has seemed to stop working (or no longer even appears in the content) since your upgrade to v2.3.1 (or one of the v2.1.4 or v2.2.3 security patches)?  Well on the 'plus' side, that means the security fix is working, but that's not what you wanted to hear.  To help eliminate possible site security issues which could be caused by script injections, we now strip all content of any 'script' tags EXCEPT within Code Snippet modules.  Therefore, if you had embedded a script such as Google Analytics or similar within a Text module, it is now stripped out before saving or displaying.  What you'll need to do is either embed the script directly within the theme/subtheme template file (e.g., v2.3.3 now allows calling a script or code directly from the expTheme::foot() call) or use a Code Snippet module on the page. (read more)

About the author

Dave Leffler
Exponent CMS Developer