content:encoded should not contain onclick attribute

  • Our daily newsletter is created by reading our site’s RSS feed. Recently we started having issues with customers not getting any content, only the unsub message. We were told by our newsletter maker (MailChimp) that the issue is with the onclick.

    This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

    *line 36, column 0: content:encoded should not contain onclick attribute (95 occurrences)

    I looked at the “solution” for this and it stated:

    Consider removing the potentially unsafe HTML attribute. At a minimum, ensure that your content will still display as intended if this attribute is stripped by security conscious clients.

    When I look at the HTML code that we have input, there are no occurrences of onclick, so this is something that WordPress is creating itself.

    How do I tell WordPress to NOT include the onclick?

Viewing 6 replies - 1 through 6 (of 6 total)

  • It’s unlikely to be WordPress and more likely to be your theme or your content. A link to your site might help…

    Thread Starter fortissimo

    (@fortissimo)

    It doesn’t matter what theme I pick, including the WordPress Classic.

    https://www.gottapixel.net/blog/

    Looking at the html, there is no onclick in the html.

    onclick is in the store links you are adding to your posts:

    Find today’s daily download in <a href="https://www.gottapixel.net/store/manufacturers.php?manufacturerid=25/?digifree" onclick="">

    <a href="https://www.gottapixel.net/store/product.php?productid=25190&cat=25&page=1" onclick="">

    Thread Starter fortissimo

    (@fortissimo)

    I understand that they are showing up, however, like I mentioned, we are not putting them there. When you view the actual HTML that we paste in, there is no reference to onclick, which is why I need to know how to tell WordPress to stop putting it there.

    This is the code that we paste into the HTML window.

    <p align="left">Find today’s daily download in <a href="https://www.gottapixel.net/store/manufacturers.php?manufacturerid=25/?digifree"><span style="font-weight: bold;">Kathryn Estry's</span></a> store (she is providing her part of the collaboration from November 1-7. The daily download will have this icon under it.

    We aren’t adding this information… so how do I tell it to stop adding it?

    Maybe a plugin is adding it.

    Or the pasted code is actually a link to a script on the external site which, in turn, is inserting the onclick into the final displayed page.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘content:encoded should not contain onclick attribute’ is closed to new replies.