Is it possible to execute Javscript code in the Body/Description of a Drupal node? It won't be in PHP input mode.
+1
A:
Use drupal_add_js() in either a custom module or the theme template.php.
Although (not recommended) if you disable HTML Filter in the Input Formats, it should let you paste script code. This WILL open you up to XSS attacks though, depending on other settings.
Kevin
2010-06-07 22:35:18
Um, I actually can't change that stuff. I have an 'author' privileges level, so I can add and edit articles and nodes, but not do any admin stuff. Any ideas how to get around that?
Leticia Meyer
2010-06-07 22:52:20
With HTML Filter enabled on Input Formats, it will never allow you to do things like inline style or script tags, it doesn't matter what the filter level is. Coupled with a WYSIWYG editor, script won't make it through. You're better off adding javascript to the site in the theming layer instead of expose your input system to potential attacks. You can add the javascript file easily with drupal_add_js. Refer to this http://freestylesystems.co.uk/blog/adding-javascript-file-drupal-theme
Kevin
2010-06-08 01:13:57
A:
Alert! This means your site is a high security risk. You're leaving it open to being used for Cross Site Scripting attacks. You'd be better of not implementing this idea. Developers are better of not advising someone on how to do this.
Rimian
2010-06-08 03:23:29