I currently get the following error in my Chrome JavaScript console:

"Refused to execute a JavaScript script. Source code of script found within request"

when the following occurs:

You have CKEditor set up with the Flash Button enabled. A user attempts to create a page and in the body content uses this flash tool, providing it with a link to YouTube. The tool inserts the flash object and you see the red flash box in the rich text editor resembling where the flash video will eventually be. On submission of this page, you get the error, and the flash is not rendered. If you hit refresh, the flash is displayed fine. In all other browsers (besides probably Safari) the flash is rendered without needing to hit refresh.

It seems to be due to a security feature in Chrome which says you can't display javascript contents on the page if it was submitted through the form (to stop XSS).

It's discussed here:
http://stackoverflow.com/questions/1547884/refused-to-execute-a-javascri...
http://blog.chromium.org/2010/01/security-in-depth-new-security-features...

Does this security rule apply to both object flash code and javascript?

Does anyone have any workarounds besides hacking in non-standard HTTP headers to Drupal, as per the suggestion on that stackoverflow link?

Thanks.

Comments

mkesicki

Thank you for noticing this. We will check this. Please be patient.

alexkb

Hi michal_cksource, have you had any update on this? Thanks.