Cannot save chunk or a template with script tag

Support Extras
1

Hello,
I am quite new to MODX but currently taking care of the website and in urgent need of help. The head chunk used to have script tags and as far as I understand it used to work. Now it doesn’t. I get an error of
Uncaught TypeError: this.mask.addClass is not a function
Unfortunately I need to solve this fast. I already tried using

SecFilterEngine Off
SecFilterScanPOST Off

in .htaccess file but it just doesn’t work. I there a quick fix for this problem? I am sorry if this question was already asked and I just didn’t see and answer that would help, but I am running out of time and need advice.
Thank you!

2

This sounds like a mod_security issue. If you post up some info about your version and server / environment, you might get help more quickly

3

The version is MODX Revolution 2.6.5-pl and I don’t know the server tbh. I have access only to the manager console.

4

I think the server info will be important to know, specifically which version of PHP… Also, is your manager account a sudo user account? This sounds like it will be tough to troubleshoot without complete admin rights.

5

So apparently it runs on NGINX. I don’t have sudo user account. Reached MODX support and was told that there is no mod_security since there is is an Apache module. Wondering if permission / security reasons are still the issue, since it’s the most common explanation for ppl with similar problems like mine.

6

Is this site on MODX Cloud? If so Cloud support should be able to help you.

7

Luckily it is :slight_smile: Thank you for replying and helping!

8

I have run into this, too. (MODX 2.8.4, PHP 7.4) I am getting this message:

[Fri Jul 01 12:36:30 2022] [error] [vhost: kissfoto.hu] [pid 6164] apache2_util.c(273): [client 31.46.244.124:0] [client 31.46.244.124] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "<!--" at ARGS:snippet. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "56"] [id "212340"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||kissfoto.hu|F|2"] [data "Matched Data: <!-- found within ARGS:snippet: <!-- Global site tag (gtag.js) - Google Analytics --> <script async src=\\x22https://www.googletagmanager.com/gtag/js?id=G-LBWY61D7XH\\x22></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-LBWY61D7XH'); </script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kissfoto.hu"] [uri "/connectors/index.php"] [unique_id "Yr7OLvgUMDLqsJPQje1XuAAAAA8"]

As you can see in the message, it has a problem with the Google Analytics code I am trying to insert. Any ideas?