javascript in evo skin plugins no longer working

petersconsult

petersconsult

Verified User
Joined
Sep 10, 2021
Messages
78
Hello all,

i have some very simple plugins that work as shortcuts to 'login-as' which use javascript..

However, since a very recent version update, this javascript is ignored..
for example, this, which used to work just fine, will not be treated as javascript:
Code: 
<a href="javascript:var xhr=new XMLHttpRequest();var url='/api/session/login-as/switch?json=yes&redirect=yes';xhr.open('POST',url,true);xhr.setRequestHeader('Content-Type','application/json');var data=JSON.stringify({'json':'yes','username':'userAccount','referer':'/'});xhr.onload=()=>{window.location.reload();};xhr.send(data);">userAccount Login</a>

And this, which also used to work just fine, the javascript is disregarded:
Code: 
<a href="#" onClick="var xhr=new XMLHttpRequest();var url='/api/session/login-as/switch?json=yes&redirect=yes';xhr.open('POST',url,true);xhr.setRequestHeader('Content-Type','application/json');var data=JSON.stringify({'json':'yes','username':'userAccount','referer':'/'});xhr.onload=()=>{window.location.reload();};xhr.send(data);">userAccount Login</a>

Has javascript been disabled for good?
i really liked having these shortcuts to 'login-as'..

Thank You!

EDIT: this is the same issue that surfaced a while back
 
Last edited:
DirectAdmin’s Evo skin now blocks inline JavaScript for security, which is why your shortcuts stopped working.

Fixes:
  1. Move JS to a &lt;script&gt; block or external file and use event listeners.
  2. Check Evo skin settings for “Disable inline JS” and turn it off if possible.
  3. Use custom plugin files under /usr/local/directadmin/plugins/ instead of inline JS.
Inline JS is discouraged for security, so this change is intentional.
 
Hello,
Thank you for your reply!

i tried moving the javascript to a script block and adding an event listener, but the JS block is completely stripped out..
i haven't found a setting in evo skin concerning inline JS
this is already a plugin file in /usr/local/directadmin/plugins/

Thank You!

PS: here's the contents of the /usr/local/directadmin/plugins/<plugin_name>/hooks/ admin_txt.html and admin_img.html
Code: 
<a href="#" id="myuser_accountlogin">myUser Login</a>
<script>
    var myuser_accountlogin=document.getElementById("myuser_accountlogin");
    function MyGoToClientAccount(){
        var xhr=new XMLHttpRequest();
        var url='/api/session/login-as/switch?json=yes&redirect=yes';
        xhr.open('POST',url,true);
        xhr.setRequestHeader('Content-Type','application/json');
        var data=JSON.stringify({'json':'yes','username':'myUser','referer':'/'});
        xhr.onload=()=>{window.location.reload();};
        xhr.send(data);
        return false;
    };
    myuser_accountlogin.addEventListener("click", MyGoToClientAccount, false);
</script>
 
Last edited:
In the recent DirectAdmin releases, the menu items from plugins are returned as structured data instead of HTML blobs. Any extra attributes on the menu entry a element will get discarded.

If you want to be able to inject JS code into Evolution, the best way forward would be creating a widget. It will be visible in the dashboard. Any JS code there will control the main Evolution window.
 
Thank you for the info..

That sounds pretty final..
i can't find any documentation on creating widgets..

That's too bad..
I really liked having these shortcuts..

Thank You
 
While we're on the subject of menu items, I can't quite work out something as well. Ever since a few updates back, I'm unable to add a "File Manager" shortcut to the Admin area. If I switch to the user area that's fine, but it was handy having a File Manager shortcut before. Before I was adding a shortcut and adding the "/CMD_" extension to call the File Manager. Now its called with /user/filemanager and if you enter that address in the admin area, as admin items are prefixed with /admin/ i'm unable to call the File Manager from the Admin panel. It's not obligatory that I have the shortcut, but would be nice to be able to add the shortcut again.
1758221557071.png
 

Attachments

  • 1758221401193.png
    1758221401193.png
    50.7 KB · Views: 3
Last edited:
Try creating menu item with the following configuration:

1758225196031.png


Key points:
  • If Open in new tab is disabled it means the Link will be internal link for Evolution.
  • The Link should be /user/filemanager to navigate to FM page. The internal Evolution links are written under the existing menu items, so I just copied it from he menu item that opens FM from the user access level menu.
 
fln said:
Try creating menu item with the following configuration:

View attachment 9307

Key points:
  • If Open in new tab is disabled it means the Link will be internal link for Evolution.
  • The Link should be /user/filemanager to navigate to FM page. The internal Evolution links are written under the existing menu items, so I just copied it from he menu item that opens FM from the user access level menu.
Click to expand...
Thank you. I was creating the link WITH the "Open in new tab" set, which was the issue. [ FileManager used to open in a new tab with the CMD_ call ] And thank you @fln for all help today, you've been brilliant. As they say, " Every day is a school day! " 😁
 
You must log in or register to reply here.
Back
Top