Pickysaurus Posted July 3, 2023 Share Posted July 3, 2023 Summary When writing a mod description, certain phrases are automatically replaced with "javascript-event-stripped" when the page is loaded. This is commonly seen when providing INI settings due to the similar format to the potentially malicious code the feature is trying to filter. This started when a new security feature was added to prevent inserting JavaScript events into the mod page BBCode around September 2022. Steps to reproduceOn a mod page attempt to add "DefaultGlobalsDefinitionName=gd_globals_custom_overhaul_merged.General.Globals" to the description.Save the page and view the description.See that it has been replaced with "DefaultGlobalsDefinitijavascript-event-strippedgd_globals_custom_overhaul_merged.General.Globals"Expected Behaviour Text is shown as the user typed it. Actual result Part of the text is replaced. Workaround When specifying INI values, you can use BBCode to break up the key/value sections by making the "=" sign bold. Example DefaultGlobalsDefinitionName[b]=[/b]gd_globals_custom_overhaul_merged.General.Globals DefaultGlobalsDefinitionName=gd_globals_custom_overhaul_merged.General.Globals Other Information Original GitHub issue: https://github.com/Nexus-Mods/web-issues/issues/1591 Link to comment Share on other sites More sharing options...
Glanzer Posted September 10, 2023 Share Posted September 10, 2023 This also happens in mod posts. For example I just tried to post this code: dispositionString = "<font color='#FF9999'>"+dispositionString+"</font>" But it came out like this: dispositijavascript-event-stripped Link to comment Share on other sites More sharing options...
Pickysaurus Posted September 26, 2023 Author Share Posted September 26, 2023 This also happens in mod posts. For example I just tried to post this code: dispositionString = "<font color='#FF9999'>"+dispositionString+"</font>" But it came out like this: dispositijavascript-event-stripped Did you try the workaround mentioned above? Link to comment Share on other sites More sharing options...
messiahgov Posted October 18, 2023 Share Posted October 18, 2023 (edited) Still happens and is a pain to workaround, but it works so far. ^^ It still has the original code by editing the post, just seem to have problems to display it correctly. Edited October 18, 2023 by messiahgov Link to comment Share on other sites More sharing options...
jhonssmith Posted October 20, 2023 Share Posted October 20, 2023 Summary When writing a mod description, certain phrases are automatically replaced with "javascript-event-stripped" when the page is loaded. This is commonly seen when providing INI settings due to the similar format to the potentially malicious code the feature is trying to filter. This started when a new security feature was added to prevent inserting JavaScript events into the mod page BBCode around September 2022. Steps to reproduceOn a mod page attempt to add "DefaultGlobalsDefinitionName=gd_globals_custom_overhaul_merged.General.Globals" to the description.Save the page and view the description.See that it has been replaced with "DefaultGlobalsDefinitijavascript-event-strippedgd_globals_custom_overhaul_merged.General.Globals"Expected Behaviour Text is shown as the user typed it. Actual result Part of the text is replaced. Workaround When specifying INI values, you can use BBCode to break up the key/value sections by making the "=" sign bold. Example DefaultGlobalsDefinitionName[b]=[/b]gd_globals_custom_overhaul_merged.General.Globals DefaultGlobalsDefinitionName=gd_globals_custom_overhaul_merged.General.Globals Other Information It seems like you're encountering a specific issue related to a mod description on a website, where certain phrases are automatically replaced with "javascript-event-stripped." This issue started after a new security feature was added in September 2022 to prevent inserting JavaScript events into the mod page BBCode. Below, I'll provide an explanation and potential solutions:Issue Explanation: The website you're using has implemented a security feature to prevent the insertion of potentially malicious JavaScript events into mod descriptions. This feature detects and replaces specific phrases that may resemble JavaScript events or code with the "javascript-event-stripped" tag to ensure the safety and integrity of the platform.Steps to Reproduce: To reproduce the issue, you can simply try to add certain text to your mod description, and the platform will automatically replace that text with "javascript-event-stripped."Workaround: As mentioned in your provided information, there is a workaround for this issue. If you need to specify INI values or include text that may trigger the security filter, you can use BBCode to format the text in a way that won't trigger the filter. For example, by making the "=" sign bold, you can avoid the text replacement. Here's an example:Original:makefileCopy codeDefaultGlobalsDefinitionName=gd_globals_custom_overhaul_merged.General.GlobalsWorkaround:cssCopy codeDefaultGlobalsDefinitionName=gd_globals_custom_overhaul_merged.General.GlobalsThis workaround allows you to present your text as intended without triggering the security feature.Other Information: You've also mentioned the original GitHub issue related to this problem. If you need further assistance or want to track the progress of this issue, you can refer to the GitHub issue you've linked for updates and discussions related to the issue.In summary, while the security feature is in place to protect the website, you can use the suggested BBCode workaround to display your intended text without triggering the "javascript-event-stripped" replacement.Original GitHub issue: https://github.com/Nexus-Mods/web-issues/issues/1591 Link to comment Share on other sites More sharing options...
Pickysaurus Posted December 29, 2023 Author Share Posted December 29, 2023 This issue should now be resolved. 1 Link to comment Share on other sites More sharing options...
Recommended Posts