grapesjs-custom-code doesn't execute <script> from GrapesJS 0.16.30 and up

[bgrand-ch]

grapesjs-custom-code work fine with script tag until GrapesJS 0.16.27, after this version, no script content is executed.

✔️ Editor init() option : allowScripts: 1 ✔️ Plugin import : https://github.com/artf/grapesjs-custom-code/issues/11#issuecomment-724512902

Is it related to https://github.com/artf/grapesjs/issues/3244 ?

[nithinpillalamarri123]

hi very thanks for u r replay... yes exactly , after you are replay i tried with 0.16.27 custom blocks script is working as expected but in above versions than 0.16.27 while drag and drop custom block script executing as expected but after saving and reloading the template using editor.setComponents(html text as String ); html coming properly but script is not working. i absorbed that in script in place of ' < > like this type of symbols are replacing with browser understanding codes so i tried to deploy that html in browser its working fine but script not working locally while reloading saved template. kindly if any one have the solution for this in latest version help me to get out of this

Thanks

[artf]

Hi @bgrand-ch probably you're talking about a fixed bug 😂 Main reasons why you should not let execute a random script from a user:

1. Self-XSS
2. We can't control the script if we execute it inside the editor, so, for instance, the user paste this <script>document.body.innerHTML = "";</script> and the editor is broken.

Actually, there is an option that kind of indicates that is by design placeholderScript | Content to show when the custom code contains <script>