CouchCMS Forum Bug Reporting and Troubleshooting
Problems, need help? Have a tip or advice? Post it here.
9 posts Page 1 of 1
Post a reply
Previous Next

xxx gets inserted in link (actual xxx!)

avatar
ellen
Registered User
I have the weirdest problem! I have a couch enabled page which has a link to a Word doc (.docx). The file name and path of the word doc starts like this
Code: Select all
<a href="docs/job descripton...


When I edit the page in Couch, xxx gets added into the link, thus breaking it, like this:
Code: Select all
<a href="docs/job descxxxripton ...


I have absolutely no idea where this has come from. We have not used xxx as a test directory or anything on the website. If I edit the source and remove the 'xxx' it comes back as soon as the page is saved. Can anyone help please?

I will continue to investigate and post back any findings :)

Re: xxx gets inserted in link (actual xxx!)

avatar
KK
Moderator
Hi Ellen,

I'll require two things to duplicate the issue and try to troubleshoot it -
1. The exact definition of the editable region in which you are inputting the link.
2. The exact input.

Could you please provide me with both?
Thanks.

Re: xxx gets inserted in link (actual xxx!)

avatar
ellen
Registered User
Thanks for the quick reply! Sure - I'll send you further details in a PM just now.

Re: xxx gets inserted in link (actual xxx!)

avatar
ellen
Registered User
I have found a workaround to this problem, by changing the filename to 'job desc' instead of 'job description' it now works. Could it be that the word 'script' contained within 'description' is causing the problem?

Re: xxx gets inserted in link (actual xxx!)

avatar
KK
Moderator
Thank you Ellen for PMing the data I asked for.

As a security measure, Couch sanitizes all inputs and tries to neutralize (potentially) malicious parameters by inserting 'xxx' into them.
So, you are right the 'script' within 'href' of 'a' tag seems to be freaking it out :)

Sorry for the inconvenience - clearly it is paranoid behaviour on part of Couch in this particular instance but it is for your security so please bear with it. As you noticed, simply changing the file name a little fixes the problem.

Thanks.

Re: xxx gets inserted in link (actual xxx!)

avatar
aman2187
Registered User
is there any way to override this behavior? we need to link to a site (such as transcripts.com) and the xxx inclusion is causing major headaches

Re: xxx gets inserted in link (actual xxx!)

avatar
KK
Moderator
@aman,
Use editable region of type 'textarea' and set its 'no_xss_check' param to '1' e.g.
Code: Select all
<cms:editable name='my_content' no_xss_check='1' type='textarea'>

Use the 'height' parameter if a textarea seems too large a replacement for text box.

Hope this helps.

Re: xxx gets inserted in link (actual xxx!)

avatar
aman2187
Registered User
will it not work for richtext? need the wysiwyg

Re: xxx gets inserted in link (actual xxx!)

avatar
KK
Moderator
I'm afraid not. Only textarea supports this.

If wysiwyg is mandatory, maybe you can devise a shortcode and use it instead?
http://www.couchcms.com/docs/miscellane ... codes.html
Post a reply
Previous Next
9 posts Page 1 of 1
Return to Bug Reporting and Troubleshooting

cron