Scripts fail with JS event handlers; succeed with jQuery

[eschwartz]

I am attempting to create a page using an embedded JS script. I am encountering an error where the script fails to publish only if I include JS event handlers (eg. document.getElementById("xyz").onclick = () => {}). When I click publish, I get back a generic HTTP 403 from the server, with a Session Expired - please log in error in the browser.

Bizarrely, if I write the same event handler using jQuery (eg $("#xyz").click(() => {}), publishing succeeds.

I have tried other variations on vanilla JS:

# works
document

# works
document.getElementById("xyz")

# fails
document.getElementById("xyz").onclick = () => {}

# fails
document.onclick = () = {}

# fails
document.getElementById("xyz").onmouseenter = () = {}

# works
$("xyz").click(() => {})

with vanilla JS event handler

with jQuery event handler

I do see this error log on the server:

domain.com/xerte/edithtml.php PHP Notice: Undefined index: parent_id in /xerte/modules/xerte/edithtml.php on line 219

But looking at that edithtml.php file, it seems unlikely that this error message is related. My guess is that 403 errors are not logged on the server.

Any help would be much appreciated! And thank you for your work on this project.

[torinfo]

That is weird. The error occurs in editor/upload.php, but I cannot reproduce this in latest 3.12 nor in latest unstable. What version of Xerte are you using, and what version of PHP are you running on the server. Is there a way to check the apache/php error log on the server?