Hi
Is there anyone who can have a look at the following code:
<input type="hidden" id="gwProxy"><!--Session data--></input><input type="hidden" id="jsProxy" Xonclick="function onclick(event) { jsCall(); }" />
<div id="refHTML"></div>
When I started working on my Moodle site this morning I spotted this code in a web page resource in a course. I thought it might have come with inadvertantly from another editor that I sometimes use, deleted it, and saved the resource. Went back in and it was still there. Had a look at other similar resources on other courses and it is everywhere, right at the end of the file. I do not know a lot about programming, but the Proxy and JS stuff makes me worry.
I am running the latest weekly update 1.9.4+ on a co-hosted Linux server.
Any ideas guys?
This is appearing in Joomla, wordpress and dreamweaver. I am very interested in the issue. Creepy to me.
One thing is it looks like it is being sanitized-- it has Xonclick instead of onclick, which looks like there is some Moodle filtering adding the "X" on to the front of the "onclick" handler, to prevent it from firing, at the very least.
The "X" referred to by Lucien above must be done by the Moodle Forum, not on my side. I have done some further research, and it seems to be something on my Windows PC, not on the Linux server. I have not been able to identify it yet, but it is restricted to one work station in our office. The code also does not get saved in the Moodle website, because it is not there when opened on another work station.
It is something new, as there are a few messages out there on the general www, and seems to affect Joomla as well.
I will let you know if I find something.
It is something new, as there are a few messages out there on the general www, and seems to affect Joomla as well.
I will let you know if I find something.
Yes, it is done by Moodle, just before HTML is displayed, to make it absolutely impossible to laugh cross-site-scripting attacks.
It seems like I have found the guilty party. I work in Firefox and I added an add-on called Browser Highlighter by Ebay inc. Something pointed me to it. I uninstalled it and rebooted the computer - the problem has gone away. I can however not get rid of the file containing the script. It is called Shim.dll. Something is preventing me from deleting it. It does not do anything anymore.
Windows probably has a hook in the .dll Bit unlocker or process explorer will let you kill the process, but not windows, at which point you can delete.
I had to delete it in safe mode.