javascript in evo skin plugins no longer working

petersconsult

petersconsult

Verified User
Joined
Sep 10, 2021
Messages
78
Hello all,

i have some very simple plugins that work as shortcuts to 'login-as' which use javascript..

However, since a very recent version update, this javascript is ignored..
for example, this, which used to work just fine, will not be treated as javascript:
Code: 
<a href="javascript:var xhr=new XMLHttpRequest();var url='/api/session/login-as/switch?json=yes&redirect=yes';xhr.open('POST',url,true);xhr.setRequestHeader('Content-Type','application/json');var data=JSON.stringify({'json':'yes','username':'userAccount','referer':'/'});xhr.onload=()=>{window.location.reload();};xhr.send(data);">userAccount Login</a>

And this, which also used to work just fine, the javascript is disregarded:
Code: 
<a href="#" onClick="var xhr=new XMLHttpRequest();var url='/api/session/login-as/switch?json=yes&redirect=yes';xhr.open('POST',url,true);xhr.setRequestHeader('Content-Type','application/json');var data=JSON.stringify({'json':'yes','username':'userAccount','referer':'/'});xhr.onload=()=>{window.location.reload();};xhr.send(data);">userAccount Login</a>

Has javascript been disabled for good?
i really liked having these shortcuts to 'login-as'..

Thank You!

EDIT: this is the same issue that surfaced a while back
 
Last edited:
DirectAdmin’s Evo skin now blocks inline JavaScript for security, which is why your shortcuts stopped working.

Fixes:
  1. Move JS to a &lt;script&gt; block or external file and use event listeners.
  2. Check Evo skin settings for “Disable inline JS” and turn it off if possible.
  3. Use custom plugin files under /usr/local/directadmin/plugins/ instead of inline JS.
Inline JS is discouraged for security, so this change is intentional.
 
Hello,
Thank you for your reply!

i tried moving the javascript to a script block and adding an event listener, but the JS block is completely stripped out..
i haven't found a setting in evo skin concerning inline JS
this is already a plugin file in /usr/local/directadmin/plugins/

Thank You!

PS: here's the contents of the /usr/local/directadmin/plugins/<plugin_name>/hooks/ admin_txt.html and admin_img.html
Code: 
<a href="#" id="myuser_accountlogin">myUser Login</a>
<script>
    var myuser_accountlogin=document.getElementById("myuser_accountlogin");
    function MyGoToClientAccount(){
        var xhr=new XMLHttpRequest();
        var url='/api/session/login-as/switch?json=yes&redirect=yes';
        xhr.open('POST',url,true);
        xhr.setRequestHeader('Content-Type','application/json');
        var data=JSON.stringify({'json':'yes','username':'myUser','referer':'/'});
        xhr.onload=()=>{window.location.reload();};
        xhr.send(data);
        return false;
    };
    myuser_accountlogin.addEventListener("click", MyGoToClientAccount, false);
</script>
 
Last edited:
In the recent DirectAdmin releases, the menu items from plugins are returned as structured data instead of HTML blobs. Any extra attributes on the menu entry a element will get discarded.

If you want to be able to inject JS code into Evolution, the best way forward would be creating a widget. It will be visible in the dashboard. Any JS code there will control the main Evolution window.
 
Thank you for the info..

That sounds pretty final..
i can't find any documentation on creating widgets..

That's too bad..
I really liked having these shortcuts..

Thank You
 
You must log in or register to reply here.
Back
Top