JavaScript and CSS Codes Removed After Hikashop Update

2 weeks 1 hour ago #363982

-- HikaShop version -- : 5.1.1
-- Joomla version -- : 4
-- PHP version -- : 8.1

I recently updated Hikashop to the latest version and have encountered an issue with the content editor. When I insert JavaScript or CSS codes in the Hikashop content editor (such as for product descriptions or custom scripts), the codes are completely removed after saving.

Key details of the issue:

  • This problem only occurs within the Hikashop content editor. The issue does not happen in other parts of Joomla (e.g., articles), where the codes are saved correctly.
  • I have tried multiple editors (like JCE, TinyMCE, etc.), but the problem persists with all of them.
  • There was no such issue in the previous version of Hikashop, and it seems to have appeared after the update.
  • Joomla's text filters (Text Filters) for my user group are set to "No Filtering."

Could you please advise on how to resolve this issue? Is it related to new security settings in the updated version? Any guidance would be greatly appreciated.

Thank you in advance for your help.


  • MODERATOR
1 week 6 days ago #363989

Hi,

Allowing the saving of JavaScript and CSS from the editor means that if someone has access to your backend, they can inject code via the editor, which, if displayed by you with your super admin account, could allow the elevation of their user account's privileges to become super admin and take control over your website.

HikaShop was allowing this by default before 5.1.1, as the risk of this happening is quite low since it already requires backend access. However, we reinforced the default security to not allow this by default with 5.1.1. Now, if you want to allow this, you need to turn off the "Filter HTML in description" setting of the HikaShop configuration.

Last edit: 1 week 6 days ago by nicolas.
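
One way to audit stored descriptions for the kind of markup discussed in this thread before turning off "Filter HTML in description", as an added example that is not part of the original posts and is not HikaShop's code. The function names and sample descriptions are constructed, and the detection rules are an assumption about what counts as active content, not a description of HikaShop's filter.

```python
from html.parser import HTMLParser

# Constructed sample descriptions (not taken from the thread).
SAMPLES = {
    "plain": '<p>Blue <strong>cotton</strong> shirt</p>',
    "script": '<p>Shirt</p><script>track()</script>',
    "style": '<style>.price{display:none}</style><p>Shirt</p>',
    "handler": '<img src="shirt.png" onerror="run()">',
    "js_url": '<a href=" JavaScript:run()">details</a>',
}

ACTIVE_TAGS = {"script", "style"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}


class ActiveContentFinder(HTMLParser):
    """Collects findings for markup that runs code or restyles the page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and decodes
        # character references in attribute values before this call.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS:
                # Drop all whitespace before checking the scheme; this
                # over-approximates, which is acceptable for an audit.
                scheme = "".join((value or "").split()).lower()
                if scheme.startswith("javascript:"):
                    self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit(html):
    """Return a list of findings for one description (empty if clean)."""
    finder = ActiveContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def audit_all(descriptions):
    """Return {name: findings} for descriptions that contain active content."""
    return {k: f for k, v in descriptions.items() if (f := audit(v))}
```
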

