Any approved method for adding Javascript before body close?

I have researched this a bit and am familiar with the security reasoning, etc. But is has their been any method created for doing this yet? I have an anti-ad block script I would like to run and it’s suppose to be inserted prior to </body> and adding it to the theme yields nada. I assume the security routines are removing it? Either way it’s not loading for me in the </body> or “Footer” options in the theme customization area.

Fyi this is just pure js and not a remote link to a file, etc.

Thanks,
Jim

have you placed your js inside script tags in your < /body>?:

<script type="text/javascript">

 <<< JS >>

</script>
1 Like

Yes I have already put the script in on the Desktop version of </body>.

<script type="text/javascript"  charset="utf-8">
eval(function....
</script>

Hmm… well I see that a file WITH the script is being put in the footer via:

<script src="[/theme-javascripts/854aca489ba48a598e9eefaa2e4e255ac2a445b7.js?__ws=mywebsite.com](https://mywebsite.com/theme-javascripts/854aca489ba48a598e9eefaa2e4e255ac2a445b7.js?__ws=mywebsite.com)"></script>

Going to that file (for me) displays the same JS I put in the customize themes area.

But as far as I can tell it’s not working as it normally does on other sites (being I have ad blocker activated).

Okay… so there is this exception/error in the JS console:

Uncaught EvalError: Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source of script in the following Content Security Policy directive: "script-src…

So it there a way to make “eval” safe or authorize this particular usage?

You can whitelist evals in the content security policy site setting, see Mitigate XSS Attacks with Content Security Policy.

We do not recommend this though, it opens your site to security exploits.

1 Like