Cannot save chunk or a template with script tag

I am quite new to MODX but currently taking care of the website and in urgent need of help. The head chunk used to have script tags and as far as I understand it used to work. Now it doesn’t. I get an error of
Uncaught TypeError: this.mask.addClass is not a function
Unfortunately I need to solve this fast. I already tried using

SecFilterEngine Off
SecFilterScanPOST Off

in .htaccess file but it just doesn’t work. I there a quick fix for this problem? I am sorry if this question was already asked and I just didn’t see and answer that would help, but I am running out of time and need advice.
Thank you!

This sounds like a mod_security issue. If you post up some info about your version and server / environment, you might get help more quickly

The version is MODX Revolution 2.6.5-pl and I don’t know the server tbh. I have access only to the manager console.

I think the server info will be important to know, specifically which version of PHP… Also, is your manager account a sudo user account? This sounds like it will be tough to troubleshoot without complete admin rights.

So apparently it runs on NGINX. I don’t have sudo user account. Reached MODX support and was told that there is no mod_security since there is is an Apache module. Wondering if permission / security reasons are still the issue, since it’s the most common explanation for ppl with similar problems like mine.

Is this site on MODX Cloud? If so Cloud support should be able to help you.

Luckily it is :slight_smile: Thank you for replying and helping!

I have run into this, too. (MODX 2.8.4, PHP 7.4) I am getting this message:

[Fri Jul 01 12:36:30 2022] [error] [vhost:] [pid 6164] apache2_util.c(273): [client] [client] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "<!--" at ARGS:snippet. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "56"] [id "212340"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack|||F|2"] [data "Matched Data: <!-- found within ARGS:snippet: <!-- Global site tag (gtag.js) - Google Analytics --> <script async src=\\x22\\x22></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-LBWY61D7XH'); </script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname ""] [uri "/connectors/index.php"] [unique_id "Yr7OLvgUMDLqsJPQje1XuAAAAA8"]

As you can see in the message, it has a problem with the Google Analytics code I am trying to insert. Any ideas?