Maybe log out if you have 2FA?

my entire app is a canvas… these are not viable options


I don’t use either of these… also, I can’t access any apps because the wallet pops whenever trying to open an app

<script>
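    // Stopgap only: this hides the injected wallet prompt (<w3m-modal>); it does
    // not stop the script that injects it. That script keeps running until the
    // compromised dependency is removed or replaced with a known-good copy.
    document.addEventListener("DOMContentLoaded", () => {
        /**
         * Remove every <w3m-modal> currently marked open.
         * NOTE: this also removes a wallet modal the app opened on purpose.
         */
        const removeOpenModals = () => {
            document.querySelectorAll("w3m-modal.open").forEach((modal) => {
                modal.remove(); // Completely remove the modal
                console.warn("Blocked <w3m-modal> from displaying.");
            });
        };

        removeOpenModals();

        // Watch the whole document rather than one element looked up at load
        // time, so a modal inserted after DOMContentLoaded is covered as well.
        const observer = new MutationObserver((mutations) => {
            let sawInsertion = false;

            for (const mutation of mutations) {
                if (mutation.type === "childList") {
                    sawInsertion = true;
                } else if (mutation.target.matches("w3m-modal.open")) {
                    // Act only when the class is actually present: stripping it
                    // unconditionally rewrites the class attribute on every
                    // change, including the change made by this handler.
                    mutation.target.classList.remove("open");
                    console.warn("Removed 'open' class from <w3m-modal>");
                }
            }

            // One scan per batch is enough, however many nodes were inserted.
            if (sawInsertion) {
                removeOpenModals();
            }
        });

        observer.observe(document.documentElement, {
            childList: true,
            subtree: true,
            attributes: true,
            attributeFilter: ["class"],
        });
    });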
</script>
<script>
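    (function() {
        // Client-side stopgap: only code that looks up window.WebSocket after
        // this script has run is affected, and the script that tried to connect
        // is still loaded. Removing the compromised dependency is the real fix;
        // a Content-Security-Policy connect-src allowlist enforces the same
        // restriction in the browser itself.
        const BLOCKED_HOST = "castleservices01.com";

        // Store the original WebSocket constructor
        const OriginalWebSocket = window.WebSocket;

        /**
         * Decide whether a WebSocket URL targets the blocked host.
         * Compares the parsed hostname instead of searching the raw string, so
         * URL objects, ws:// URLs, explicit ports and subdomains are covered.
         * @param {string|URL} url - first argument given to the constructor
         * @returns {boolean} true when the connection must be refused
         */
        function isBlockedUrl(url) {
            let host;
            try {
                host = new URL(String(url), window.location.href).hostname;
            } catch (err) {
                // Unparsable URL: let the real constructor report the error.
                return false;
            }
            return host === BLOCKED_HOST || host.endsWith("." + BLOCKED_HOST);
        }

        // A Proxy keeps everything the page expects from the real constructor:
        // static constants such as WebSocket.OPEN, the prototype, instanceof.
        // Replacing it with a plain function loses the static constants.
        window.WebSocket = new Proxy(OriginalWebSocket, {
            construct(target, args, newTarget) {
                if (isBlockedUrl(args[0])) {
                    console.warn("Blocked WebSocket connection to:", args[0]);
                    // Fail loudly instead of handing back an object that looks
                    // like a WebSocket but has no connection behind it.
                    throw new DOMException(
                        "WebSocket connection blocked by page policy",
                        "SecurityError"
                    );
                }
                // Otherwise, proceed with the original WebSocket
                return Reflect.construct(target, args, newTarget);
            },
        });
    })();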
</script>

all of this worked fine, now i do not have to wreck my app


I removed the Canvas UI Elements plugin and it’s working fine now

Insane. It seems to only affect the latest version of LottieFiles.

For those who want to directly embed Lottie without using third-party plugins, you can use the code I use (the library used was NOT affected):

<!-- The version is pinned exactly (@0.2.0), so a newer release published to the
     CDN is not picked up automatically. The file is still fetched from a third
     party on every page load: add integrity="sha384-<HASH_OF_REVIEWED_FILE>"
     (placeholder) together with crossorigin="anonymous", or self-host a copy
     you have reviewed. -->
<script src="https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/tgs-player.js"></script>
<lottie-player src="LOTTIE.JSON" background="transparent" speed="1.0" loop autoplay >
</lottie-player>

<style>
/* Uses a nested rule, so it needs a browser with CSS nesting support.
   NOTE(review): .lottie-player is a class selector and the element above has
   no class attribute; confirm the player adds that class. */
.lottie-player { > svg { transform: unset !important; } }
</style>

How are you guys accessing your apps? I can’t even open an app

Hasn’t worked for me unfortunately.

UPDATED CODE

   <script>
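        // Remove or hide the <w3m-modal> element, even if it appears later.
        // Stopgap only: the script that injects the modal keeps running until
        // the compromised dependency is removed or replaced with a known-good copy.
        document.addEventListener("DOMContentLoaded", function() {
            /**
             * Remove every <w3m-modal> currently marked open.
             * NOTE: this also removes a wallet modal the app opened on purpose.
             */
            function blockW3mModal() {
                document.querySelectorAll("w3m-modal.open").forEach((modal) => {
                    modal.remove(); // Remove the modal if it exists
                    console.warn("Blocked <w3m-modal> from displaying.");
                });
            }

            // Run initially and check periodically for re-insertions
            blockW3mModal();
            setInterval(blockW3mModal, 1000);

            // Monitor class changes to keep 'open' off any <w3m-modal>.
            const observer = new MutationObserver((mutations) => {
                for (const { target } of mutations) {
                    // Act only when the class is actually present: stripping it
                    // unconditionally rewrites the class attribute on every
                    // change, including the change made by this handler.
                    if (target.matches("w3m-modal.open")) {
                        target.classList.remove("open");
                        console.warn("Removed 'open' class from <w3m-modal>");
                    }
                }
            });

            // Observe the document root, not one element looked up at load time,
            // so a modal inserted after DOMContentLoaded is covered as well.
            observer.observe(document.documentElement, {
                attributes: true,
                attributeFilter: ["class"],
                subtree: true,
            });
        });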
    </script>

    <script>
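        (function() {
            // Client-side stopgap: only code that looks up window.WebSocket
            // after this script has run is affected, and the script that tried
            // to connect is still loaded. Removing the compromised dependency
            // is the real fix; a Content-Security-Policy connect-src allowlist
            // enforces the same restriction in the browser itself.
            const BLOCKED_HOST = "castleservices01.com";

            // Store the original WebSocket constructor
            const OriginalWebSocket = window.WebSocket;

            /**
             * Decide whether a WebSocket URL targets the blocked host.
             * Compares the parsed hostname instead of searching the raw string,
             * so URL objects, ws:// URLs, ports and subdomains are covered.
             * @param {string|URL} url - first argument given to the constructor
             * @returns {boolean} true when the connection must be refused
             */
            function isBlockedUrl(url) {
                let host;
                try {
                    host = new URL(String(url), window.location.href).hostname;
                } catch (err) {
                    // Unparsable URL: let the real constructor report the error.
                    return false;
                }
                return host === BLOCKED_HOST || host.endsWith("." + BLOCKED_HOST);
            }

            // Built once. A Proxy keeps the static constants (WebSocket.OPEN,
            // ...), the prototype and instanceof intact; a plain replacement
            // function loses the static constants.
            const GuardedWebSocket = new Proxy(OriginalWebSocket, {
                construct(target, args, newTarget) {
                    if (isBlockedUrl(args[0])) {
                        console.warn("Blocked WebSocket connection to:", args[0]);
                        // Fail loudly instead of returning an object that looks
                        // like a WebSocket but has no connection behind it.
                        throw new DOMException(
                            "WebSocket connection blocked by page policy",
                            "SecurityError"
                        );
                    }
                    return Reflect.construct(target, args, newTarget);
                },
            });

            /**
             * Install the guarded constructor if something replaced it.
             * As before, this discards any wrapper another script put on
             * window.WebSocket in the meantime.
             */
            function overrideWebSocket() {
                if (window.WebSocket !== GuardedWebSocket) {
                    window.WebSocket = GuardedWebSocket;
                }
            }

            // Initial override and periodic re-check to enforce the block
            overrideWebSocket();
            setInterval(overrideWebSocket, 1000);
        })();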
    </script>

Hi, for those who are removing the Canvas UI plugin (in addition to the Lottie one), wouldn’t that change the entire design framework of your app? I use Canvas for my template.

Still doesn’t work.

Canvas UI also solved our problem. Luckily we didn’t actually utilize this plugin. Initially responded without actually reading this post and jumped to conclusions.

Things seem to be fine on our end now. If you actively use these elements, good luck.

In regards to this, we luckily disconnected from the AirDev canvas build over a year ago, if not longer. Honestly, I recommend doing so as well. I know it doesn’t help you immediately, but food for thought.


Also, has anyone received a reply from Bubble whether user data could be compromised by this? I just received a “we’re looking into it” reply.

I removed LottieFiles plugin and it worked for me. No modal.

Malicious code in Lottie-Player CDN files was reported 26 mins ago

also add this to get rid of the micro second popup before the script catches it

<style>
    /* Hide <w3m-modal> by default, so it is never painted before a script
       gets the chance to remove it. This only suppresses the display: the code
       that injects the modal still runs. The rule applies to every
       <w3m-modal>, including one the app shows on purpose. */
    w3m-modal {
        display: none !important;
        visibility: hidden !important;
    }
</style>

Luckily i also didn’t use it, it was just installed but i used the standard Bubble Elements. I would try to install the script that @ryan8 wrote up there if i was actively using the plugin


I don’t use the plugin and use this code but it happened to me too, just in case it does affect anyone else

i have no popups left on my app?? are you still getting them