How to include javascript in html block

bmeacham · December 15, 2023, 10:33pm

How can I include some javascript code in an html block on a page? I tried including it in the text, but the result just displays the code instead of executing it.

My use case is that I want to obfuscate an email address in a mailto link. I tried this:

  <script language="JavaScript">
  <!-- Begin
  user = "PirVilayat"; 
  site = "Inayatiyya.org";

  document.write('<a href=\"mailto:' + user + '&#064;' + site + '\">');
  document.write(user + '&#064;' + site + '</a>');
  // End -->
  </script>

That didn’t work; the result just displays the code instead of executing it.

I also tried this:

PirVilayat@Inayatiyya.org

but the display did not change the code @ to an @ sign.

Any ideas for me?

bmeacham · December 16, 2023, 6:28pm

Didn’t work. I entered this code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
	<title>Help</title>
</head>

<body>

<p>To contact the&nbsp;Archives Project Lead, email 

        <script language="JavaScript">
        <!-- Begin
        user = "PirVilayat";
        site = "Inayatiyya.org";
        document.write('<a href=\"mailto:' + user + '&#064;' + site + '\">');
        document.write(user + '&#064;' + site + '</a>');
        // End -->
        </script>.
</p>

<p>To contact the webmaster, email
        <script language="JavaScript">
        <!-- Begin
        user = "admin";
        site = "pvikarchives.com";
        document.write('<a href=\"mailto:' + user + '&#064;' + site + '?Subject=Comment%20on%20PVIK%20Archive%20site' +'\">');
        document.write(user + '&#064;' + site + '</a>');
        // End -->
        </script>.
</p>

<p>&nbsp;</p>

</body>
</html>

But after I save the page, the source changes to this:

<p>To contact the&nbsp;Archives Project Lead, email .</p>

<p>To contact the webmaster, email .</p>

<p>&nbsp;</p>

All the javascript is removed.
Is there a way to fix this so that the javascript remains when I save the page?

jflatnes · December 18, 2023, 7:05pm

HTML content is filtered with HTML Purifier by default, which won’t allow the inclusion of scripts for security reasons.

You can disable this filtering with the “Use HTMLPurifier” setting in the Security section of the global settings page.

bmeacham · December 21, 2023, 4:57pm

I just pasted some html text into a Preformatted Text block, and that’s how it got rendered.

bmeacham · December 21, 2023, 5:44pm

@jflatnes Thanks! That solves my problem.

I don’t have any other user-entered html on my site. Is my site in any danger from having disabled HTML Purifier?

jflatnes · December 21, 2023, 6:05pm

If you’re the only user (or there are only trusted users) then there shouldn’t be any issues. The purifier is only used when editing/saving HTML, it doesn’t have any effect one way or the other outside that.

system · December 15, 2024, 6:06pm

This topic was automatically closed 360 days after the last reply. New replies are no longer allowed.