Webforms strip the "<script>" tag in the last wizard step #4709

New issue

Open

opened 2026-02-20 16:22:28 -05:00 by deekerman · 4 comments

deekerman commented

2026-02-20 16:22:28 -05:00

Owner

Originally created by @SinergiaCRM on GitHub (Jan 26, 2022).

Tested in last version of SuiteCRM and https://demo.suiteondemand.com/

After creating a form, the javascript code is displayed in the HTML as normal text, this is due that the "

Originally created by @SinergiaCRM on GitHub (Jan 26, 2022). Tested in last version of SuiteCRM and https://demo.suiteondemand.com/ After creating a form, the javascript code is displayed in the HTML as normal text, this is due that the "<script>" tags dissapear before generating the code in the last step. See images bellow: ![Selection_413](https://user-images.githubusercontent.com/61022311/151144985-c95e38bf-f332-4c89-b491-8a94bae4cef8.png) ![Scripts missing](https://user-images.githubusercontent.com/61022311/151144928-b7ce4992-4a4c-4aac-b09f-bf1eb8e84b8a.gif) #### Issue Javascript code in WebForms aren't working cause the script HTML tags are missing #### Expected Behavior The script HTML tags should be present and javascript working #### Actual Behavior Javascript code appears as text in HTML #### Possible Fix Reverting some of last merged PRs #### Steps to Reproduce 1. Create a WebToLeadForm 2. See that the javascript code appears in the site as text #### Context This shouldn't be happening. #### Your Environment SuiteCRM Version used: Version 7.12.2 Browser name and version: Chrome Versión 97.0.4692.71 (Build oficial) (64 bits) Environment name and version: MySQL, PHP 7 Operating System and version: Ubuntu 18.04

deekerman added the

Type: Bug

Priority:Important

Area: Campaigns

labels

2026-02-20 16:22:28 -05:00

deekerman commented

2026-02-20 16:22:31 -05:00

Author

Owner

@Mac-Rae commented on GitHub (Feb 1, 2022):

Hi @SinergiaCRM,

There appears to be a simple enough workaround for these issues so I'd say marking as critical would not be required;

For those concerned inserting the following above and below the script section of code before submitting it to your website will fix it;

<script type='text/javascript'>
Exsisting script code in here
</script>

Can confirm however this is a bug in the latest verisions! 👍

@Mac-Rae commented on GitHub (Feb 1, 2022): Hi @SinergiaCRM, There appears to be a simple enough workaround for these issues so I'd say marking as critical would not be required; For those concerned inserting the following above and below the script section of code before submitting it to your website will fix it; ```HTML <script type='text/javascript'> Exsisting script code in here </script> ``` Can confirm however this is a bug in the latest verisions! :+1:

deekerman commented

2026-02-20 16:22:31 -05:00

Author

Owner

@SuiteBot commented on GitHub (Dec 27, 2023):

This issue has been mentioned on SuiteCRM. There might be relevant details there:

https://community.suitecrm.com/t/problem-mit-angezeigtem-javascript-code-im-web-to-lead-formular/91359/6

@SuiteBot commented on GitHub (Dec 27, 2023): This issue has been mentioned on **SuiteCRM**. There might be relevant details there: https://community.suitecrm.com/t/problem-mit-angezeigtem-javascript-code-im-web-to-lead-formular/91359/6

deekerman commented

2026-02-20 16:22:31 -05:00

Author

Owner

@SuiteBot commented on GitHub (Dec 28, 2023):

This issue has been mentioned on SuiteCRM. There might be relevant details there:

https://community.suitecrm.com/t/issue-with-displayed-javascript-code-in-web-to-lead-form/91360/3

@SuiteBot commented on GitHub (Dec 28, 2023): This issue has been mentioned on **SuiteCRM**. There might be relevant details there: https://community.suitecrm.com/t/issue-with-displayed-javascript-code-in-web-to-lead-form/91360/3

deekerman commented

2026-02-20 16:22:31 -05:00

Author

Owner

@chris001 commented on GitHub (Dec 28, 2023):

The offending line that strips the <script> tags is likely this one:
github.com/salesagility/SuiteCRM@54bc56c3bd/modules/Campaigns/WebToLeadFormSave.php (L88)
Obviously it wants to strip the <script> tags in order to safely display in the browser without injecting active javascript onto the page.
A solution: generate 2 version: Non-cleaned, and Cleaned.

Save the non-cleaned version,
Display the raw text of the non-cleaned version, and
Actively display the cleaned version on the page, giving the user a live demo of the generated form.

@chris001 commented on GitHub (Dec 28, 2023): The offending line that strips the `<script>` tags is likely this one: https://github.com/salesagility/SuiteCRM/blob/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9/modules/Campaigns/WebToLeadFormSave.php#L88 Obviously it wants to strip the `<script>` tags in order to safely display in the browser without injecting active javascript onto the page. A solution: generate 2 version: Non-cleaned, and Cleaned. 1. Save the non-cleaned version, 2. Display the raw text of the non-cleaned version, and 3. Actively display the cleaned version on the page, giving the user a live demo of the generated form.