Cant remove an unwanted script from website

Permalink
Hi

This is related to my prior posthttps://www.concrete5.org/community/forums/chat/re-connection-requir...

I have some HTML code on my website that I can not remove and might be malicious and a potential cause of a cross-site scripping XSS issue I have just had. I do not know, as I am waiting to here back from secuirty techs of what caused the cross-site scripping XSS issue
But the timing of the issue is around the time I added the widget.

The HTML code was created viahttp://telegrambutton.com/ website and creates a widget on my website that was to link to a Telegram channel. But this widget does not link to the channel, it goes tohttps://telegrambutton.com/wait.php?url=https://t.me/t/me/covid19exp... and offers some totally un-related file sharing offer before then re-directing to Telegram offical website not the channel.

Any advise on how to remove this widget would be most appreciated.
I see an addon called: Safe HTML
Developed by JohntheFish

Which might help me find the HTML location , but I am not sure if that will work. Plus due to the issue in my prior post relating to not being able to re-connect to community I can not get the addon.

The HTML code creating the Telegram icon on my home page is:


[<iframe id="webbuttonwidget" class="center" file="webbuttonwidget" src="https://telegrambutton.com/webbuttonwidget.php?chat_id=t/me/covid19experiencechannel&showchatid=true&showmembercount=true&showmembercount=true&color=green darken-3&pulse=false&textcolor=white&shadowval=&textval=join channel" border="1" style="border:20px;height: 125px;z-index:9999;position:fixed;bottom:0;right:0;" width="240px"></iframe>]

Is it possible to remove this HTML from the server I'm running CC5 on? If so any advise on how to do this and risks involved ?

My skill set is limited.

Any help would be appeciated.

Regards
Darren

1 Attachment

View Replies:
JohntheFish replied on at Permalink Reply
JohntheFish
seehttps://c5magic.co.uk/addons/safe-html/fixing-broken-sites...

"If you only discovered Safe HTML after already putting a dodgy script into an HTML block and can't get back by reverting the page version, you can use the Safe block template to create an override of the core HTML block view, so making every HTML block on your site use Safe HTML.

Use FTP or your host control panel to copy

/packages/jl_safe_html/blocks/html/templates/safe.php
to

/application/blocks/html/view.php
This will create an override of the core HTML block view making it 'safe'. You can then edit the afflicted pages and use block design to change problematic HTML block's templates to use the Safe template. Once finished, simply delete /application/blocks/html/view.php and your other HTML blocks will revert to the default."

Once you can edit the page, just delete that problem html block with the iframe