• Resolved Dan & Jennifer

    (@danstuff)


    Hi there.

    I recently updated to WordPress 4.7. Trying to add to script code with the Add To All plugin and the code keeps getting mangled. I’ve tried 2 different sets of script code from 2 different providers.

    One is from MailMunch – the code works if I use the Raw HTML Snippets plugin and add that shortcode into a text widget, so I know it’s not the code I’m getting from MailMunch. In this particular case, the site id and other variables are being stripped out from the script code.

    The second scenario is for ad code – the javascript comments are getting mangled in this one. “<!” is getting mangled to “<!”

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Ajay

    (@ajay)

    I think the forum just converted a few things around so your <! looks the same in both cases.
    I suspect it’s likely to be the case of the WordPress sanitisation functions that Add to All uses that is destroying the code. Can you tell me what the MailMunch code looks like (removing any private keys etc.)?

    Thread Starter Dan & Jennifer

    (@danstuff)

    Sure.

    Here’s the before:

    <!-- Paste this code right before the </head> tag on every page of your site. --> 
    <script src="//a.mailmunch.co/app/v1/site.js" id="mailmunch-script" data-mailmunch-site-id="123456" async="async"></script>

    Here’s the after:

    <!-- Paste this code right before the </head> tag on every page of your site. --> 
    <script src="//a.mailmunch.co/app/v1/site.js" async="async"></script>

    Plugin Author Ajay

    (@ajay)

    Thanks. That helps. You can fix this by editing the include/admin/save-settings file to add the following lines after charset under the script section:

    https://github.com/ajaydsouza/add-to-all/blob/master/includes/admin/save-settings.php#L158

    
    			'id' => true,
    			'data-mailmunch-site-id' => true,
    

    In the next version, I’ll add a new field, which will allow for this to be easier to override the fields.

    Thread Starter Dan & Jennifer

    (@danstuff)

    Hey Ajay, this seems to be a much bigger problem than we first thought.

    Before this latest update, we could paste any HTML, CSS, Javascript in these 2 text boxes and they would just be added – it always worked.

    Now we are seeing various things being silently stripped.

    Here is an example of what’s happening today… some MailMunch, but also another meta tag provided by a site to verify domain ownership.

    <meta name="p:domain_verify" content="xxxx"/>
    
    <script src="//a.mailmunch.co/app/v1/site.js" id="mailmunch-script" data-mailmunch-site-id="2342343234" async="async"></script>

    Are these new sanitization functions that have been added?

    And more importantly, how can we disable them so we can use the plugin as before?

    Please advise.

    Thanks!

    Thread Starter Dan & Jennifer

    (@danstuff)

    Ajay, quick update – I just verified that I’m still able to add this exact code to the Genesis “Header Scripts” and “footer scripts” text boxes. Wanted to make sure it’s not a WordPress related thing…

    Screenshot: https://www.screencast.com/t/5sm6tJZo

    But Add To All is stripping things now for some reason… and it never did that before, we could reliably add any code snippets required to header/footer.

    This workaround only works on themes that are based on Genesis and it’s non-standard… so hoping to find a workaround for Add To All.

    Thanks!

    Plugin Author Ajay

    (@ajay)

    The fastest way to disable this for now is to comment out / delete this line in the plugin.

    https://github.com/ajaydsouza/add-to-all/blob/master/includes/admin/save-settings.php#L184

    add_filter( 'ata_settings_sanitize_textarea', 'ata_sanitize_textarea_field' );
    

    Can you tell me what exactly are you seeing getting stripped out?

    Thread Starter Dan & Jennifer

    (@danstuff)

    Hi there!

    Thanks for the workaround.

    One example…

    This:

    <meta name="p:domain_verify" content="asdfasdfasdfsadfasdfsadfsda"/>
    
    <script src="//a.mailmunch.co/app/v1/site.js" id="mailmunch-script" data-mailmunch-site-id="2232323" async="async"></script>

    Becomes this after submitting:
    <script src="//a.mailmunch.co/app/v1/site.js" async="async"></script>

    Is this scrubbing a new feature in the latest version of the plugin?

    It would be really great to have a setting in wp-options to disable it.

    Thanks!

    Plugin Author Ajay

    (@ajay)

    It was a security feature to sanitise all inputs. I clearly need to tune it more to allow for many things to come through. It’s one I’ll work on in the next option.

    Adding a complete option to disable isn’t ideal, but I’ll allow a way to add more tags and attributes, e.g. the meta and the async etc.
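
An added example, not code from the plugin or from any participant in this thread: how an allowlist passed to WordPress's `wp_kses()` produces the stripping reported above, and how extending the allowlist keeps the snippet intact without switching sanitisation off. It assumes the plugin's sanitiser is `wp_kses()` and that the script runs inside WordPress; the `example_*` functions and the `example_head_allowed_html` filter are hypothetical names.

```php
<?php
// Added example; run inside a loaded WordPress, e.g. `wp eval-file kses-allowlist.php`.
// All example_* names and the 'example_head_allowed_html' filter are hypothetical.

/** Allowlist resembling the one described in the thread: script with few attributes. */
function example_strict_allowed_html() {
	return array(
		'script' => array(
			'src'     => true,
			'async'   => true,
			'charset' => true,
		),
	);
}

/** Same list, extended with the tag and attributes the thread shows being stripped. */
function example_extended_allowed_html() {
	$allowed = example_strict_allowed_html();

	$allowed['script']['id']                     = true;
	$allowed['script']['data-mailmunch-site-id'] = true;
	$allowed['meta']                             = array(
		'name'    => true,
		'content' => true,
	);

	// Let site owners add further entries without editing plugin files.
	return apply_filters( 'example_head_allowed_html', $allowed );
}

// Constructed sample input, modelled on the snippets posted in the thread.
$snippet = '<meta name="p:domain_verify" content="xxxx"/>' . "\n"
	. '<script src="//a.mailmunch.co/app/v1/site.js" id="mailmunch-script" '
	. 'data-mailmunch-site-id="123456" async="async"></script>';

// wp_kses() drops every tag and attribute that is absent from the allowlist it is given.
echo "Strict allowlist:\n" . wp_kses( $snippet, example_strict_allowed_html() ) . "\n\n";
echo "Extended allowlist:\n" . wp_kses( $snippet, example_extended_allowed_html() ) . "\n";
```

Comparing the two outputs shows which tags and attributes a given allowlist removes, so a site owner can test a vendor snippet before saving it.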

    Plugin Author Ajay

    (@ajay)

    I’ve released an updated version that disables these checks. I’ll try to find a more compatible solution in the next version.

  • The topic ‘Add To All stripping/mangling script code and html comments?’ is closed to new replies.