Title: WARNING Javascript Injection possible!
Last modified: January 13, 2021

---

# WARNING Javascript Injection possible!

 *  [Volkmar Kantor](https://wordpress.org/support/users/volkmar-kantor/)
 * (@volkmar-kantor)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/warning-javascript-injection-possible/)
 * How to reproduce:
    - Go to an contact-form-7 form in the frontend.
    - Add the following code into i.e. an textarea field:
       `this is a <script>alert('
      TEST')</script>`
    - Submit the form.
    - Go to Backend, into “Advanced CF7 DB”, select the your submitted form
    - Edit the entry you just submitted
 * Expected Behaviour: you can edit the submitted text, the “<” and “>” are html_encoded.
   
   Actual Behaviour: the alert message pops up.

The topic ‘WARNING Javascript Injection possible!’ is closed to new replies.

 * ![](https://ps.w.org/advanced-cf7-db/assets/icon-256x256.jpg?rev=1696186)
 * [Advanced Contact form 7 DB](https://wordpress.org/plugins/advanced-cf7-db/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/advanced-cf7-db/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/advanced-cf7-db/)
 * [Active Topics](https://wordpress.org/support/plugin/advanced-cf7-db/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/advanced-cf7-db/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/advanced-cf7-db/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [Volkmar Kantor](https://wordpress.org/support/users/volkmar-kantor/)
 * Last activity: [5 years, 5 months ago](https://wordpress.org/support/topic/warning-javascript-injection-possible/)
 * Status: not resolved