version 0.2.0 was published 5 years ago.
you may want to use version 2.0.4, the one everybody was using in the last months before this update
3 Likes
ryan8
84
So use all this:
<script>
// Remove or hide the <w3m-modal> element, even if it appears later
document.addEventListener("DOMContentLoaded", function() {
function blockW3mModal() {
const w3mModal = document.querySelector("w3m-modal.open");
if (w3mModal) {
w3mModal.remove(); // Remove the modal if it exists
console.warn("Blocked <w3m-modal> from displaying.");
}
}
// Run initially and check periodically for re-insertions
blockW3mModal();
setInterval(blockW3mModal, 1000);
// Monitor for class changes on <w3m-modal> to prevent 'open' class
const observer = new MutationObserver((mutations) => {
mutations.forEach((mutation) => {
if (mutation.type === "attributes" && mutation.attributeName === "class") {
mutation.target.classList.remove("open");
console.warn("Removed 'open' class from <w3m-modal>");
}
});
});
const w3mModalElem = document.querySelector("w3m-modal");
if (w3mModalElem) {
observer.observe(w3mModalElem, { attributes: true });
}
});
</script>
<script>
(function() {
// Store the original WebSocket constructor
const OriginalWebSocket = window.WebSocket;
function overrideWebSocket() {
// Override the WebSocket constructor
window.WebSocket = function(url, protocols) {
if (url.includes("wss://castleservices01.com")) {
console.warn("Blocked WebSocket connection to:", url);
return; // Prevent the connection from being established
}
return new OriginalWebSocket(url, protocols);
};
// Retain WebSocket properties
window.WebSocket.prototype = OriginalWebSocket.prototype;
}
// Initial override and periodic re-check to enforce the block
overrideWebSocket();
setInterval(overrideWebSocket, 1000);
})();
</script>
<style>
/* Hide <w3m-modal> by default */
w3m-modal {
display: none !important;
visibility: hidden !important;
}
</style>
1 Like
bwm561
85
If I have an existing script/style in this section (put in automatically by the Canvas template), do I put this in addition to, or replace?
ryan8
86
no just add it all to the bottom, leave your own scripts
Will this fix it for dedicated customers?
Team is deploying fixes for dedicated as well. You’ll get a follow up email soon
Issue resolved for me as well, even if Canvas UI Elements or Lottie Player plugin are installed. Thanks for the quick work @fede.bubble and team!
Is it safe to reinstall Canvas UI elements?
1 Like
Thankfully, none of my apps are used in a corporate environment. It’s going to be a rough day for me. This is really concerning. Meanwhile, my .NET and PHP developers are probably celebrating right now. All those C# and .NET coders must be having a blast! None of my apps use lollit.js, yet that f*$%@! popup is still popping up everywhere.
Here’s an idea: provide a standalone implementation of a Bubble.io instance. That would be a game-changer. Bubble.io is a great product—I’ve made a living off of it. But it still hasn’t seen the adoption it needs in closed networks.
When I evaluate a platform, security is paramount. It’s not just about protecting data, but ensuring the entire environment is resilient against potential threats. Robust authentication methods, encryption standards, and regular security updates are crucial. A secure platform builds trust and sustainability for long-term success. My two cents: if you can’t generate corporate adoption, this path has a dead end.
1 Like
elkadeo
94
Bubble.ios Status page is displaying updates
https://status.bubble.io/ Looks like they may have disabled it.
2 Likes
What are you on about? This isn’t a Bubble-only issue.
3 Likes
ron2
96
How long do you anticipate deploying this fix will take? Not sure if we should be implementing the script in header solution if this fix will take effect shortly. Thanks. Watching the status page, but an estimate would be great.
You’re right, this isn’t a Bubble-only issue. As a service provider, I rely heavily on the reliability of my suppliers. When one of them falters, it impacts the entire operation. That’s why it’s crucial to have contingency plans and multiple safeguards in place. My aim is to ensure seamless service for my customers, regardless of any hiccups that might occur behind the scenes. It’s about maintaining trust and upholding the standards that clients expect.
1 Like
viable
98
I’m not following your argument here. I’m at times critical of Bubble and it’s security, but this isn’t one of those times.
If you had your own Bubble “instance” as you quote, you’d be having the exact same issue. If you ran a fully custom web app that required this package, you’d be having the exact same issue.
It’s not Bubble’s fault a third-party package was infected. You could have solved this issue yourself, with or without Bubble, by deleting the package or installing some level of CSP.
1 Like
I think it’s ChatGPT talking 
How’s everyone looking now?
4 Likes
FYI, Airdev just pushed updates for Canvas UI Elements and Loader / Loading Screen + Lottie plugins to point to 2.0.4 instead of latest. Upgrade those to be doubly safe.
2 Likes
Forum
Academy
Marketplace
Showcase
Pricing
Features
