I have researched this a bit and am familiar with the security reasoning, etc. But has there been any method created for doing this yet? I have an anti-ad block script I would like to run and it’s supposed to be inserted prior to </body>, and adding it to the theme yields nada. I assume the security routines are removing it? Either way it’s not loading for me in the </body> or “Footer” options in the theme customization area.
FYI this is just pure JS and not a remote link to a file, etc.
Have you placed your JS inside script tags in your </body>?:
<<< JS >>
Yes I have already put the script in on the Desktop version of
Hmm… well I see that a file WITH the script is being put in the footer via:
Going to that file (for me) displays the same JS I put in the customize themes area.
But as far as I can tell it’s not working as it normally does on other sites (being that I have an ad blocker activated).
Okay… so there is this exception/error in the JS console:
So is there a way to make “eval” safe or authorize this particular usage?
You can whitelist evals in the content security policy site setting, see Mitigate XSS Attacks with Content Security Policy.
We do not recommend this though, it opens your site to security exploits.