jQuery.ajaxSetup in html source code

Resolved

(@fl0at)

Hi, I noticed that WP Cerber appends a script to the page which adds hidden fields to all forms. I understand that this is related to some security things but unfortunately it also manipulates all of our HubSpot forms. All of these weird values are now visible in HubSpot and are kind of messing up the client data.

Is there a way to either completely deactivate this or at least exclude forms with a specific class? <form class="hs-form"> for example.

Thank you.


<script type="text/javascript">
        jQuery(document).ready(function ($) {
            //$( document ).ajaxStart(function() {
            //});

			
            for (var i = 0; i < document.forms.length; ++i) {
                var form = document.forms[i];
				if ($(form).attr("method") != "get") { $(form).append('<input type="hidden" name="lwNomqutynKeiBPT" value="sSfDtkh3d7" />'); }
if ($(form).attr("method") != "get") { $(form).append('<input type="hidden" name="HsByUcLE" value="FLfEenRI6.i@8TG" />'); }
if ($(form).attr("method") != "get") { $(form).append('<input type="hidden" name="eaKjIrGhZBnMp" value="Zgopcn" />'); }
            }

			
            $(document).on('submit', 'form', function () {
				if ($(this).attr("method") != "get") { $(this).append('<input type="hidden" name="lwNomqutynKeiBPT" value="sSfDtkh3d7" />'); }
if ($(this).attr("method") != "get") { $(this).append('<input type="hidden" name="HsByUcLE" value="FLfEenRI6.i@8TG" />'); }
if ($(this).attr("method") != "get") { $(this).append('<input type="hidden" name="eaKjIrGhZBnMp" value="Zgopcn" />'); }
                return true;
            });

			
            jQuery.ajaxSetup({
                beforeSend: function (e, data) {

                    //console.log(Object.getOwnPropertyNames(data).sort());
                    //console.log(data.type);

                    if (data.type !== 'POST') return;

                    if (typeof data.data === 'object' && data.data !== null) {
						data.data.append("lwNomqutynKeiBPT", "sSfDtkh3d7");
data.data.append("HsByUcLE", "FLfEenRI6.i@8TG");
data.data.append("eaKjIrGhZBnMp", "Zgopcn");
                    }
                    else {
                        data.data =  data.data + '&lwNomqutynKeiBPT=sSfDtkh3d7&HsByUcLE=FLfEenRI6.i@8TG&eaKjIrGhZBnMp=Zgopcn';
                    }
                }
            });

        });
	</script>

Viewing 7 replies - 1 through 7 (of 7 total)

Plugin Author gioni
(@gioni)

4 years, 10 months ago

Hi! It’s an unexpected issue. We offer a solution next week.

Plugin Author gioni
(@gioni)

4 years, 10 months ago

I’m sorry, it will take longer. Do you use that form on one page or several ones?

Thread Starter fl0at
(@fl0at)

4 years, 10 months ago

Thanks for the update. It’s used on several pages.

Plugin Author gioni
(@gioni)

4 years, 9 months ago

Where are the HubSpot forms submitted to? Is it local storage on the website? Remote on HubSpot?
Thread Starter fl0at
(@fl0at)

4 years, 9 months ago
The forms are embedded and submitted via HubSpots JS forms API directly into HubSpot. We do not handle the submit, we just implement the code that is provided by HubSpot after creating a form.
- This reply was modified 4 years, 9 months ago by fl0at.
Thread Starter fl0at
(@fl0at)

4 years, 8 months ago

Hi Gregory, any updates on this? Thank you!

Plugin Author gioni
(@gioni)

4 years, 5 months ago

I’m sorry for the late reply. The solution is available since WP Cerber 8.9.3. You can configure exceptions for WP Cerber’s anti-spam by disabling its code on selected WordPress pages. The list of pages is specified with a new PHP constant CERBER_DISABLE_SPAM_FILTER. Please know more: https://wpcerber.com/wp-cerber-security-8-9-3/

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘jQuery.ajaxSetup in html source code’ is closed to new replies.