General developer forum

 
 
Marc Peacock-Smith
Stop HTML editor from changing javascript
 

Is there a way of entering JavaScript into the HTML editor and then it not screwing it up when you select edit again?

The code I am entering creates a link that tracks in Google Analytics as a Google event.

I use:

<a href="eblink/mydomain/file.pdf?forcedownload=1" onClick="_gaq.push(['_trackEvent', 'Downloads','Label 1  ', 'Label 2']);">Label 2 -  </a><br>

The problem is that when I go to edit this again, extra characters and all things nasty get added into the code by the HTML editor. Is there any way of getting Moodle to stop doing this? It's driving me mad!

 
Tim at Lone Pine Koala Sanctuary
Re: Stop HTML editor from changing javascript

Do you understand how a hacker can use Cross-site scripting (XSS) and Cross-site request forgery (XSRF) attacks to completely destroy your web site?

If you do, you will understand why Moodle cannot let users enter HTML.

If you don't understand, then http://docs.moodle.org/dev/Security#Common_types_of_security_vulnerability has an explanation.

Note that Moodle already tracks downloads of resources, so you don't really need to do that horrible JavaScript.

 
Average of ratings:Useful (2)
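The kind of allowlist cleaning that XSS defences rely on, applied to the link from the question. This is an added example, not part of the original posts and not Moodle's own cleaning code; the allowlists and the names `cleanHtml` and `isSafeUrl` are assumptions made for the illustration.

```javascript
// Added illustration, not Moodle's cleaning code. Tag/attribute/scheme
// allowlists are assumptions; production code should use a vetted sanitizer.
const ALLOWED_TAGS = new Map([['a', ['href', 'title']], ['br', []], ['p', []]]);
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];
const TAG = /<(\/?)([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>|[<>]/g;
const ATTR = /([a-zA-Z_:][\w:.-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Re-encode kept values so nothing in them can close the attribute or the tag.
const escapeAttr = (v) => v.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
  .replace(/</g, '&lt;').replace(/>/g, '&gt;');

// Relative URLs pass; absolute ones need an allowlisted scheme. Whitespace and
// control characters go first: browsers strip tabs and newlines from URLs.
function isSafeUrl(value) {
  const compact = value.replace(/[\u0000-\u0020]/g, '').toLowerCase();
  const m = /^([^\/?#:]*):/.exec(compact);
  return !m || ALLOWED_SCHEMES.includes(m[1]);
}

// Returns the cleaned markup plus a list of what was dropped, so an editor UI
// (or a log) can tell the author why the saved HTML differs from what was typed.
function cleanHtml(html) {
  const removed = [];
  const out = html.replace(TAG, (match, slash, name, attrText) => {
    if (name === undefined) return match === '<' ? '&lt;' : '&gt;'; // stray bracket
    const tag = name.toLowerCase();
    const allowed = ALLOWED_TAGS.get(tag);
    if (!allowed) { removed.push(`<${slash}${tag}>`); return ''; }
    if (slash) return `</${tag}>`;
    let kept = '';
    for (const [, rawName, dq, sq, bare] of attrText.matchAll(ATTR)) {
      const attr = rawName.toLowerCase();
      const value = dq ?? sq ?? bare ?? '';
      if (allowed.includes(attr) && (attr !== 'href' || isSafeUrl(value))) {
        kept += ` ${attr}="${escapeAttr(value)}"`;
      } else {
        removed.push(`${tag}[${attr}]`);
      }
    }
    return `<${tag}${kept}>`;
  });
  return { html: out, removed };
}

// The link from the question above (copied from the thread).
const sample = `<a href="eblink/mydomain/file.pdf?forcedownload=1" onClick="_gaq.push(['_trackEvent', 'Downloads','Label 1  ', 'Label 2']);">Label 2 -  </a><br>`;
const result = cleanHtml(sample);
console.log(result.html);
console.log(result.removed);
```

The link and its download URL survive; only the inline handler is dropped, which is why tracking has to be attached by code that the site itself ships rather than by markup typed into the editor.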
Marc Peacock-Smith
Re: Stop HTML editor from changing javascript
 

Hi Tim,

Where is this tracking information stored? I can't find this.

Marc

 
Tim at Lone Pine Koala Sanctuary
Re: Stop HTML editor from changing javascript
 
sohail aslam
Re: Stop HTML editor from changing javascript
 

Hi Tim,

You are right and I understand the risk, but what about a case where I can't avoid it (due to some special requirements/reasons)? Is there any workaround for this?

 

 
Hubert Chathi
Re: Stop HTML editor from changing javascript
 

You would need to write your own plugin to generate the JavaScript code.

 