Joomla! Discussion Forums

I have a website on which some of the contents contains "dynamic points" -- points the user can move the mouse over to trigger a visual action. In such cases, I need to add onmouseover/onmouseout for these spans.
I seem to have stumbled upon a problem with Joomla's edit feature (I'm using the "plain" -- not rich text -- article editor) where if the text submitted contains either the words "onmouseover" or "onmouseout", I end up being redirected to http://localhost/removecookie -- which obviously fails!
Here's a dump of the HTTP communication going on (I've replaced my host name with "site"):

http://site/administrator/index2.php
POST /administrator/index2.php HTTP/1.1
Host: site
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.9
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://site/administrator/index2.php?op ... nu=1&id=26
Cookie:
Content-Type: application/x-www-form-urlencoded
Content-Length: 4265
title=...encoded version of the article... etc...

HTTP/1.x 302 Found
Date: Wed, 24 Jan 2007 14:02:24 GMT
Server: Apache/1.3.37 (Unix) mod_fastcgi/2.4.2 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.3 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a
Location: http://localhost/removecookies
Keep-Alive: timeout=15, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

Looking in the actual webserver log files, it appears though that the URL itself returns HTTP 200 (OK) and then the component itself I'm guessing raises a HTTP 302 and causes the problem.
I'm getting the same problem regardless of the browser -- IE/Firefox etc.
Anyone has any ideas about what's causing this or what am I doing wrong?
Many thanks,

It turns out in the end that my hosting company (I'm using shared hosting) had turned on some HTTP filters to protect against JavaScript injection. Once they removed that, it all works fine.
So really, nothing to do with Joomla -- apologies for this, but they initially denied that they made any changes in the configuration.

Hmm.. I'm getting a similar issue with my site at the moment - for example, if I go to edit the html of the current template but choose to hit 'Cancel' rather than save the changes, I get routed to the same localhost/removecookie url.  Who are you hosting with incidentally?

eukhost.com -- and i hope this reply is not considered disguised advertising.
However, I think it's just an apache filter that can be added -- worth talking to your guys, as I used to get the same problem: once you edit an item, regardless of the button you press, obviously, the information is still submitted, and the filter kicks in and rejects the whole "onmouseover" business...

Heh, by a less-than-spooky coincidence, I'm hosted with them too!  I've got their tech support looking into it now so hopefully it'll be resolved soon.  Thanks!

I can't remember the ticket number I raised with them -- but if you mention to them "JavaScript injection protection filter" they should be able to pick on that. Well, they did in my case. Mind you, I think it took them about a day

"http://localhost/removecookies" redirect here too.

I'm trying to edit a simple html form at chronoforms component, no "onmouseover"/"onmouseout". just some table tags and form fields tags, i.e. textbox, radio button, check box, and subimit button, without

tags.

Can this be "JavaScript injection protection filter" from my host? any tip?

I'm hosting at micfo.com

Util information:


http://wiki.modxcms.com/index.php/What_ ... _affect_me

Must set your .htacess to avoid POST data filtering.