Unable to use '<script>' in templates
crz-e-d
Hello,

I'm using version 3.11 of Movable Type.
Upgraded from 3.0D.
Using MySQL.

I have a problem with my templates.

Whenever I use the word "<script>" (without quotes) in a template, the template cannot be saved and mt.cgi generates an error (500).

Anyone seen this rather odd behaviour?
crz-e-d
Besides the '<script>' issue, I have a similar problem to the one David has, mentioned in this Bug Report.

Use *any* SQL command in a post or template and it will not be saved ... strange ... odd as well.
crz-e-d
Problem solved. It is due to the "ModSecurity" filter software.

ModSecurity -> http://www.modsecurity.org/

There are two rather 'aggressive' filters (anti SQL injection attacks).

SecFilter "<[[:space:]]*script"
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"

They are the cause of the problems.
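
A small reproduction of why these saves were rejected, added here as an example that is not part of the original thread: the three patterns quoted above are run against the decoded fields of constructed form bodies. The field name `text`, the sample bodies, the rewrite of `[[:space:]]` to `\s`, and case-insensitive matching are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode

# The three SecFilter patterns quoted in the post above.
SEC_FILTERS = [
    "<[[:space:]]*script",
    "delete[[:space:]]+from",
    "insert[[:space:]]+into",
]

def compile_filter(pattern):
    # Python's re has no POSIX bracket classes, so [[:space:]] is rewritten
    # to \s (equivalent for ASCII input). Case-insensitive matching is an
    # assumption about how the filter engine applies these patterns.
    return re.compile(pattern.replace("[[:space:]]", r"\s"), re.IGNORECASE)

COMPILED = [(p, compile_filter(p)) for p in SEC_FILTERS]

def matching_filters(form_body):
    """Return the filters that match any decoded field of a form-encoded body."""
    values = [v for _, v in parse_qsl(form_body, keep_blank_values=True)]
    return [p for p, rx in COMPILED if any(rx.search(v) for v in values)]

# Constructed sample submissions; "text" is a hypothetical field name.
SAMPLES = {
    "template with JavaScript": urlencode(
        {"text": '<script type="text/javascript" src="/mt.js"></script>'}),
    "post quoting SQL": urlencode(
        {"text": "Run DELETE\n  FROM mt_log first, then INSERT INTO mt_log"}),
    "plain post": urlencode(
        {"text": "I deleted the file from the server."}),
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        hits = matching_filters(body)
        verdict = "blocked by " + ", ".join(hits) if hits else "allowed"
        print(f"{label}: {verdict}")
```

The patterns match on content alone, so a legitimate template or a post that merely quotes SQL is indistinguishable from an attack string to these filters.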