No html allowed in "BLOCKCMSINFO"

[Disfruta]

Hello, I've can't insert html in "BLOCKCMSINFO" it doesn't save the changes. Any idea about it?

[vekia]

hello

what code you're trying to insert?

[Disfruta]

Hello vekia and thank you for your answer,

 

I'm tryingo to insert a twitter widget (this one)

 

<a class="twitter-timeline" href="https://twitter.com/RibamarConserva" data-widget-id="445914153249558529">Tweets por @RibamarConserva</a>

<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id))platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);[spam-filter](document,"script","twitter-wjs");</script>

 

But  it does't save 

Edited March 21, 2014 by Disfruta (see edit history)

[jetx]

The Js is being stripped, without that the html on its own should work fine. Maybe try using {literal} {/literal} tags around your Js. Might work, don't know.

Edited March 21, 2014 by jetx (see edit history)

[Disfruta]

The Js is being stripped, without that the html on its own should work fine. Maybe try using {literal} {/literal} tags around your Js. Might work, don't know.

 

Thank you for your idea, jetx, I've tryed to insert {literal} {/literal} tags like this and still doesn't work

 

{literal}<a class="twitter-timeline" href="https://twitter.com/RibamarConserva" data-widget-id="445914153249558529">Tweets por @RibamarConserva</a>

<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id))platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);[spam-filter](document,"script","twitter-wjs");</script>{/literal}

 

<a class="twitter-timeline" href="https://twitter.com/RibamarConserva" data-widget-id="445914153249558529">Tweets por @RibamarConserva</a>

{literal}<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id))platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);[spam-filter](document,"script","twitter-wjs");</script>{/literal}

Edited March 21, 2014 by Disfruta (see edit history)

[l_raath]

Hi, I also have had difficulty with this block.

 

I tried adding a twitter timeline also but no luck.

 

I also tried to embed a video in this block but also no luck with youtube embed codes <iframe>.  Furthermore, i tried uploading a mp4 video by using the file manager to upload it and select it but after the upload, it doesn't show the video in the file manager list.

 

Any ideas?

[kazakh-woman]

I have it problem in product extratab with tinymce editor.  After update to 1.6.0.5 today  in tab I dont see youtube video

[gabeshackle]

After upgrading to 1.6.0.5 I'm also seeing all <script> tag contents being stripped from Smarty output even when using {literal} wrappers.  This is a pretty significant issue as it completely destroys all inline JavaScript.

[vekia]

hello

what extratab module you use?

you've got problem only with this feature?

[gabeshackle]

One thing I've noticed that may be quite problematic for people is that as of 1.6 it appears that all inline JavaScript is being forced to the bottom of the page.  This would essentially break any inline script that was dependent on where it was supposed to be written within the page.  How can we disable or at least force this not to happen on a case by case basis?

[vekia]

why you think that it will affect script? ( i mean scripts in footer )

today is not a problem, especially with jquery where you can define 

$( document ).ready(function() {
    console.log( "execute the script here");
});

then scrip will be executed after full page load

then it will work always, no matter where it will be included

[gabeshackle]

This makes the erroneous assumption that everyone follows the best practices rules regarding using jQuery.  I have a few 3rd party vendors that require their code being in the header.  With the current version of PrestaShop (1.6) this is impossible.

 

As a workaround I created a Media class override that allows for a specific custom attribute to be applied to the opening <script> tag which will allow you to keep that tag where it is and render the JavaScript in that position within the HTML.  I've posted this script and an example on GitHub here:

 

https://gist.github.com/hereswhatidid/8c8edef106ee95138b03

 

If you take that Media.php file and place it within the /overrides/classes/ directory of your installation, then delete the /cache/class_index.php file you should be able to use that method.  I'm not sure if that's the ideal way to handle it but it works for me currently.

[vekia]

 

 

party vendors that require their code being in the header.

and why they require that? What makes this code needs to be there?

[gabeshackle]

There are a couple live chat providers who's documentation state that the embed code should be placed in the head of the site.  Either way, this kind of optimization is something that should at the very least be a global setting that can be turned on or off and ideally could be manipulated on the individual instances like in my override.  In my opinion, PrestaShop should not be modifying template controlled HTML unless the owner of the code is intentionally initializing it.  It took a good 2-3 hours of investigation just to figure out specifically what was going on when this started happening.  This change definitely feels like it's someone's opinion of proper code practice being forced on the developers regardless of the impact it will have.  Especially this particular type of change as the improvement to page and site performance is extremely minor at best.

[Gregory Roussac]

Hi,

 

Thank you for your feedback.

 

These commits will enable this option in CCC

 

https://github.com/PrestaShop/PrestaShop/commit/dfbe2d4e4d6ec5a9dafd779e54ce3e3f3a0423a1

https://github.com/PrestaShop/PrestaShop/commit/a8220be9e9933c55b03bd452568c9a03a9149aab

 

I will however try to also implement your data attribute as it is a good idea.

 

Best regards

[shopapps]

Hi,

 

This new methodology also broke one of my modules where variables had to be set before calling in an external JS file.  With PS1.6 the script variables where removed and stuffed to the bottom of the page, but the <script src=xxx.js> was left where it was. 

 

The prime example of this is Google AdWord Conversions Code:

<script type="text/javascript">
/* <![CDATA[ */ 	
        var google_conversion_id       = 12345678;
        var google_conversion_language = "en";
        var google_conversion_format   = "3"
        var google_conversion_color    = "FFFFFF"
	var google_custom_params       = window.google_tag_params;
	var google_remarketing_only    = true;
/* ]]> */ 
</script>
<script type="text/javascript" src="//www.googleadservices.com/pagead/conversion.js"></script>

This gets destroyed by PS1.6.  :-(

 

One of the key reasons why Google/Facebook strongly suggest putting their code between the Head tags is because otherwise you increase the likelihood of loosing that sessions analytics or tracking (since a user could close the page down before the page finishes loading) 

 

With PS1.6 I haven't found a way to put Javascript code in the Header???  (since my module is in the addons store i would prefer not to have my customers have to add overrides/edit the core files to achieve this).

 

- Very disappointing that this was just introduced without a flag/config option to disable it, took me many hours to find and come up with a workaround for this.

[Gregory Roussac]

Hi,

 

conversion.js does not need to be in header. Global variables can be reached by a script which is loaded afterward.

 

It was left because of a bug with "//" begining url.

 

Anyway this flag/config option is implemented now in CCC options for next release.

 

Best regards

[shopapps]

Thanks Gregory, glad to hear it will be in the next release. 

 

If in PS's code you are parsing for src="xxx.js"  in the javacript and then moving it with all the other script code, then can i kindly ask you to also allow support for src="//xxx.js"  as this is a standard way of assuring the file is called in using the matching page protocol (http or https depending on what the shop is being served from), and therefore you wont get warnings of this page is trying to include insecure data or similar..

 

But either way glad to hear it should be fixed in the future.  To aid others in the meantime the way I got around this was using the following code:

function googleTrackingPixel() {
   // set google variables as globals
 /* <![CDATA[ */ 	
        window.google_conversion_id = 12345678;
        window.google_conversion_language = "en";
        window.google_conversion_format = "3"
        window.google_conversion_color = "FFFFFF"
        window.google_custom_params 	= window.google_tag_params;
	window.google_remarketing_only = true;
 /* ]]> */ 

        var oldDocWrite = document.write // save old doc write
        document.write = function(node){ // change doc write to be friendlier, temporary
            $("body").append(node);
        };

        $.getScript("//www.googleadservices.com/pagead/conversion.js", function() {
            setTimeout(function() { // let the above script run, then restore doc.write
                document.write = oldDocWrite;
            }, 100);
        });
googleTrackingPixel();

Now, I'm sure there are plenty of prettier ways of doing it but this is the only one i could come up with that works, since you have to load the conversion.js after you set the variables, but you cant just use .getScript on its own since conversion.js uses document.write (which will not work after the page has been fully loaded).  (most of this code came from an answer in stackoverflow.com so cant take any credit/abuse for it)

 

As I say lost several days of experimenting to pin this issue down and come up with a workaround. v.frustrating.

[Gregory Roussac]

Yes you are right but it sadly does not work with $.getScript if you have other modules that need window.google_conversion_id for instance.

 

Would you mind applying this commit for //url ?

 

https://github.com/PrestaShop/PrestaShop/commit/7e22dcf97171920220569c19bf7705d6364756b9

 

Regards

Edited June 10, 2014 by Gregory Roussac (see edit history)

[shopapps]

Hi Gregory,

 

I just checked my file and that line is already in my PS version at line 1810:

if (!preg_match('/^(?:https??\/\//iUs', $matches[2]))

did you want me to try reverting it to your old line 1810?  i.e.:

if (!preg_match('/^https?:\/\//iUs', $matches[2]))

[Gregory Roussac]

Opps sorry I mean this one https://github.com/PrestaShop/PrestaShop/commit/166f8585f880b4e9511f8f61216317e9e01fda13 I believe !

 

Regards

[shopapps]

ok, well the good news is that it does now move that line and appends it to a stack of other src files rather than putting it in line with the template file it came from. 

 

So the bad news is for this particular scenario it still puts it above the original script variables and hence Google Tag Assistant fails it.

[Gregory Roussac]

Yes this is considered as an inline script, we can not parse it to decompose it.

 

For me a module 1.6 should call Meda::addJsdef to set the ids in the variables stack, or it can be set in a template but here it is useless, but again if a second module needs the same id, ie google_conversion_id, it will fail.

 

For instance https://github.com/PrestaShop/blocksearch/blob/master/blocksearch.php#L115

 

or

 

https://github.com/PrestaShop/PrestaShop/blob/1.6/themes/default-bootstrap/modules/blockcart/blockcart.tpl#L332

 

But gabeshackle is right, this is forcing people using our proper practice that is why we made it an option (at begining this was related to another option of CCC, now it has its proper option)

 

Regards

[shopapps]

ok, thanks for the tip. 

 

Do you know if Media::addJsdef is backward compatible with 1.4 and/or 1.5? 

 

I will have to have a dig around at the Media class as I've never used it before.

 

thanks.

[Gregory Roussac]

No it is not, only for 1.6 core sorry....

[abdulk]

Hello, I am also experiencing a problem related to this as well. I have Marketing Automation tracking code that I have added to footer.tpl that is getting deferred to the bottom of the page, which would be fine except the code relies on attributes within the <script> tag that are getting stripped in the process.

 

Here's how the opening script tag must look:

<script id="__maSrc" type="text/javascript" data-pid="9758">

But after deferral it becomes:

<script type="text/javascript">

I have been following along in this thread and know that the deferScript function in Media.php is the culprit, but unfortunately I'm not good enough with php to come up with a class override that excludes my script but retains intended functionality.

 

It sounds like script deferral won't be forced in future releases, which I think is a good idea, but what is the best way to allow my script to be added unaltered right now?

 

I did make a class override that makes deferScript() do nothing at all and while that solved my problem, it broke my Authorize.net module, no idea why.

 

Thanks so much!

Edited June 12, 2014 by abdulk (see edit history)

[Ron morales]

This makes the erroneous assumption that everyone follows the best practices rules regarding using jQuery.  I have a few 3rd party vendors that require their code being in the header.  With the current version of PrestaShop (1.6) this is impossible.

 

As a workaround I created a Media class override that allows for a specific custom attribute to be applied to the opening <script> tag which will allow you to keep that tag where it is and render the JavaScript in that position within the HTML.  I've posted this script and an example on GitHub here:

 

https://gist.github.com/hereswhatidid/8c8edef106ee95138b03

 

If you take that Media.php file and place it within the /overrides/classes/ directory of your installation, then delete the /cache/class_index.php file you should be able to use that method.  I'm not sure if that's the ideal way to handle it but it works for me currently.

as I have to insert the code into media.php? after what is written must delete something? same thing happens to me, the script problem for me, I can not optimize ps,  all deformed

Edited June 12, 2014 by Ron morales (see edit history)

[thijsvk]

This topic seems to have derailed from the original question.

I too am trying to add a Twitter feed to the blockcmsinfo which saves but gets stripped.

Has anyone found a solution/work around, or is it just a case of waiting for an update?

As a side note, another issue I have with this module, is that it only allows me to save modifications if I disable multishop.

Is that just me? 

 

edit: it seems it's not just me.

 

Running P.S. 1.6.0.8 / BlockCMSInfo v 1.5.1 by the way

Edited August 1, 2014 by thijsvk (see edit history)

[shopapps]

I believe this is now fixed in the latest release (v1.6.0.9)

 

under Advanced Parameters -> Performance -> CCC (Combine, Compress and Cache)

 

there is an option Move JavaScript to the end  - YES/NO i'm guessing if you set to no, then it wont move all the javascript - but haven't tested it myself yet...

[thijsvk]

The issue isn't so much that the JS is being moved to the end, but that it's being stripped completely.

All my CCC settings are set to 'No' currently, so your suggestion unfortunately doesn't work.

[Gregory Roussac]

Hi,

 

Are you sure your template is up to date corresponding to the core version you are using ?

 

https://github.com/PrestaShop/PrestaShop/blob/1.6/themes/default-bootstrap/header.tpl#L5

 

Regards

[thijsvk]

Hmm, doesn't look like it. I'm running a 2.5 week old installation that is 1.6.0.8.

Guess I'll have to update first, and see what the results are (assuming I manage to  bollocks it up).

I'll start a new back up now, and report back as soon as I am up and running again.

Thanks for the info so far though

[Ron morales]

There are a couple live chat providers who's documentation state that the embed code should be placed in the head of the site.  Either way, this kind of optimization is something that should at the very least be a global setting that can be turned on or off and ideally could be manipulated on the individual instances like in my override.  In my opinion, PrestaShop should not be modifying template controlled HTML unless the owner of the code is intentionally initializing it.  It took a good 2-3 hours of investigation just to figure out specifically what was going on when this started happening.  This change definitely feels like it's someone's opinion of proper code practice being forced on the developers regardless of the impact it will have.  Especially this particular type of change as the improvement to page and site performance is extremely minor at best.

I generate this file: media.php and Paste the file to override/classes/Media.php, cache/class_index.php delete? or add 'Media' => 

array (

'path' => 'override/classes/Media.php',

'type' => 'class',

)