Skip to main content

2023-09-22

Removing <script> tags from POST method request data

When adding or updating content using the API, even if there is a <script> tag, it was being reflected as it is.
Due to the following issues, we will make modifications to remove <script> tags from API request data:

To prevent unintended <script> tags from being included in items not permitted on the admin interface, we will remove <script> tags from items without permission settings. However, since we did not remove <script> tags on the API side, there were instances where <script> tags disappeared at unexpected times when updating in the admin interface after adding data through the API.

If the parameter "Allow all tags" is enabled in the HTML content structure, registration of <script> tag content is allowed.
If it is necessary to register <script> tags in the content, please set it here.

Image from Gyazo

Planned Date for Endpoint Addition

RC: August 28th (already implemented)
Stable: Mid-October

Contact

If you have any further questions regarding this matter, please feel free to contact Kuroco Support.

Support

If you have any other questions, please contact us or check out Our Slack Community.

Contact form
Join Kuroco Slack community