• A client kept running into an issue when attempting to submit a Gravity Form. We did some troubleshooting for about 30 minutes and found that in one of the fields, a specific string was causing a block:

    blocked by firewall for XSS: Cross Site Scripting in POST body:

    We determined that the string causing this block is:

    Data:

    When either the word “Data” or the colon (:) was removed, the form submitted fine. As we’ve found the issue and let the client know how to work around this, we are really just wondering why this might be triggering this block in Wordfence and then of course if there is a permanent fix? Would this be a call to add the param to the allowlist?

    Thanks for any insight.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @kodeakdme, thanks for reaching out.

    I think you’re right that submitting the form whilst using Learning Mode (therefore adding it to the firewall allowlist) for a short period would be the easiest way to catch false-positives. Submit the form in its default/regular state to make sure everything is being allowed through.

    You may also be able to use the “ADD PARAM TO FIREWALL ALLOWLIST” button on the Live Traffic page now that you’ve identified the block. There’s a little more about that method on the Learning Mode page linked above, too.

    Thanks,
    Peter.

The topic ‘Certain string in Gravity Forms paragraph field triggering block (XSS)’ is closed to new replies.