Unsaved content is lost when XSS warning is displayed

[uviArtisol]

Every time I get an XSS warning, whatever content I had writen before saving is lost. Can we get the warning (and a reference to which is the offending text) without reloading the page to the last saved position. The solution is to save all the time, but because Grav scrolls all the way back up when saved, it makes it impossible to work on any document longer than your screen.

[mahagr]

I cannot replicate it.

When I add a script tag into the content of a page and attempt to save it, it warns me and shows You are editing a saved draft.

I can still see the script in the content as well as my other changes.

[thekenshow]

I'm seeing similar behaviour under the following conditions:

• Grav v1.7.25 + Admin v1.10.25 + NextGen editor
• Custom permission admin.xss added to Configuration > Security > XSS Security for Content > Whitelist Permissions
• Non-super user with custom admin.xss permission assigned logs in
• User attempts to edit an existing HTML snippet (replacing src value) using NextGen editor (below):

    <div class="embed-container-map">
        <iframe src="https://embed.kumu.io/305db4a26b7dfd11b065b9b3f9165328" style="border:0">
        </iframe>
    </div>

• User saves and sees the Entry Saved Successfully message and a notice about XSS risk:

• Inspecting the editor field immediately shows the snippet has reverted to previous value.

NOTE Editing the snippet a second time and saving again works as expected.