• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

RESOLVED <script> tags execute from Description list

Typel

New member
Messages
1
Likes
0
Points
1
#1
It appears that the new version of this plugin (since changing to Woody) has a "Description" column on the Snippet list in wp-admin. Since we didn't have a Description set for our old snippets, it just displays the first part of code right in this space... and any <script> tags which were in the code actually end up executing. This has broken the plugin for us because one line of code in a snippet actually echoes a window.onload redirect.

Can't pause the snippet, can't edit it... because as soon as we load the script list, it redirects away.

EDIT:

We had to get this working so just switched to a different plugin designed specifically for doing redirects - that fixed the issue.

Still, you might want to look into some of these issues:
  • Code (including echo'd javascript) should never be executed from the snippet list
  • At least in a load balanced environment, the snippet list randomly saves or doesn't save changes. It seems to load a different revision every single time you load a snippet. It would seem like since the snippets are saved in wp-posts, they would be consistent between all servers, but instead they are bafflingly randomized. We do not have any caching plugins running, so that can be eliminated as a cause. Really bizarre behavior in this version.
  • Description column is randomly not used when displaying the snippet list - sometimes it loads code in this column, sometimes it loads the Description. Again, kinda random.
Thanks, hope this helps improve the plugin
 
Last edited:

alexkovalev

Program developer
Staff member
Messages
267
Likes
19
Points
18
#2
I think I was able to fix the bug in the new version of the plugin 2.2.8

If you ever back to our plugin, please try a new release.

Best regards, Alex