• Resolved thalakus

    (@thalakus)


    Hello together,

    running the NinjaFirewall in FULL WAF and using translatepress (both plugins most recent update) I get the following errors in the Chrome console:

    POST 403 error on /plugins/translateepress-multilingual/includes/trp-ajax.php with jquery.min.js?ver=3.5.1:2

    Notice: TranslatePress trp-ajax request uses fall back to admin ajax trp-translate-dom-ch…ges.js?ver=2.0.5:55

    POST 403 with /wp-admin/admin-ajax.php with jquery.min.js?ver=3.5.1:2
    TranslatePress AJAX Request Error trp-translate-dom-ch…ges.js?ver=2.0.5:58

    Deactivating Rule 128 in the firewall-rules helped and now that problem doesn’t show anymore.

    Anyway I thought about telling you about this “problem” so that maybe it helps other people and I’m not sure if deactivating this rule 128 is really the best way.

    Plugins and theme data are not customized.

    Have a great day!

  • Plugin Author nintechnet

    (@nintechnet)

    Are you logged-in (which role?) or not when that happened?

    Rule 128 is about JS code in an HTML attribute. Does your plugin send some JS code in the payload? You may see that in the firewall’s log.

    Thread Starter thalakus

    (@thalakus)

    Hello, thanks for the quick reply.

    I searched the log and noticed that it refers to some translated content out of the text, that derives from the “Cookie Notice & Compliance for GDPR/CCPA” Plugin.

    The log shows the following:

    19/Jul/21 11:18:37  #5575105  CRITICAL   128  2003:d9XXXXXX  POST /wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php - Attribute JS injection - [POST:originals = ["To offer you the best browsing-experience, we use cookies. If you continue using our site, we assume your agreement.","OK","Dataprotection","THISISMYDOMAIN.de/en/datensc...] - THISISMYDOMAIN.de
    19/Jul/21 11:18:37  #8212232  CRITICAL   128  2003:d9XXXXXX  POST /wp-admin/admin-ajax.php - Attribute JS injection - [POST:originals = ["To offer you the best browsing-experience, we use cookies. If you continue using our site, we assume your agreement.","OK","Dataprotection","THISISMYDOMAIN.de/en/datensc...] - THISISMYDOMAIN.de
    19/Jul/21 11:18:41  #1864010  CRITICAL   128  2003:d9XXXXXX  POST /wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php - Attribute JS injection - [POST:originals = ["To offer you the best browsing-experience, we use cookies. If you continue using our site, we assume your agreement.","OK","Dataprotection","THISISMYDOMAIN.de/en/datensc...] - THISISMYDOMAIN.de
    19/Jul/21 11:18:41  #8065856  CRITICAL   128  2003:d9XXXXXX  POST /wp-admin/admin-ajax.php - Attribute JS injection - [POST:originals = ["To offer you the best browsing-experience, we use cookies. If you continue using our site, we assume your agreement.","OK","Dataprotection","THISISMYDOMAIN.de/en/datensc...] - THISISMYDOMAIN.de

    Best regards!

    Plugin Author nintechnet

    (@nintechnet)

    The JS tag or code is not visible in the log, because the firewall truncates the payload to 200 characters. I assume it is added by your “Cookie Notice & Compliance for GDPR/CCPA” plugin.
    If you want to increase the 200-character limit in order to log more data and find the JS code, you can use the .htninja script and define the NFW_MAXPAYLOAD constant as follows:

    <?php
    /*
     +===========================================================================================+
     | NinjaFirewall optional configuration file                                                 |
     |                                                                                           |
     | See: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/ |
     +===========================================================================================+
    */
    // Increase the size of the data written to the log
    define('NFW_MAXPAYLOAD', 300);
    

    This would increase it to 300 characters for instance.

    Thread Starter thalakus

    (@thalakus)

    Thanks for the reply.
    Anyway I think it might be good for you to inspect it on a test environment in combination with cookie notice and Translatepress, since both plugins are used by millions of users and then they will work fine with your plugin.

    Best regards

    Thread Starter thalakus

    (@thalakus)

    Hello,

    checked it now with the following result:

    Even though the log is talking about my translation plugin translatepress, the error doesn’t occur anymore when the cookie-notice-plugin is deactivated.
    Deactivating rule 128 also doesn’t show the error anymore.

    Maybe you could look into the combination of translatepress (free version) and the cookie-notice-plugin (also free) so that further users won’t be confronted with that error.

    Best regards!

    Thread Starter thalakus

    (@thalakus)

    Hello together,

    seems like in the new version 4.4 that error doesn’t occur anymore. Did you fix it in the update?

    Best regards!

    Plugin Author nintechnet

    (@nintechnet)

    There was a modification done to the latest security rules (2021-07-27.1).

    Thread Starter thalakus

    (@thalakus)

    hello together, yesterday a similar error occurred:

    20/Nov/21 14:58:56  #2449187  CRITICAL   128  79.47.60.xxx     POST /wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php - Attribute JS injection - [POST:originals = ["TRANSLATE with ","x","English","Arabic","Hebrew","Polish","Bulgarian","Hindi","Portuguese","Catalan","Hmong Daw","Romanian","Chinese Simplified","Hungarian","Russian","Chinese Tradi...] – MY DOMAIN
    20/Nov/21 14:58:56  #8073214  CRITICAL   128  79.47.60.xxx     POST /wp-admin/admin-ajax.php - Attribute JS injection - [POST:originals = ["TRANSLATE with ","x","English","Arabic","Hebrew","Polish","Bulgarian","Hindi","Portuguese","Catalan","Hmong Daw","Romanian","Chinese Simplified","Hungarian","Russian","Chinese Tradi...] – MY DOMAIN

    Maybe there was something changed in the rule 128 of Ninja-Firewall?

    Best regards!!

    Plugin Author nintechnet

    (@nintechnet)

    There was no change in the rule 128 since last July.
    If you can see the whole POST:originals payload, check for a javascript: substring and paste it here, I’ll see if I can adjust the rule.

    Thread Starter thalakus

    (@thalakus)

    thanks for the reply!
    How can I check for the whole payload? What I posted was everything I found in the logs

    Best regards!

    Plugin Author nintechnet

    (@nintechnet)

    You can configure the length of the payload as mentioned in my message here
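
Added example, not part of the thread and not NinjaFirewall code: a small triage script for the rule 128 entries discussed above, which reports whether each logged payload shows a `javascript:` substring or was cut off before it could. The field layout, the trailing `...` as truncation marker, and all sample lines are assumptions or constructed values modelled on the log excerpts quoted in the thread.

```python
import re

# Field layout inferred from the log lines quoted in this thread (an assumption,
# not a documented NinjaFirewall log format).
LINE_RE = re.compile(
    r'^(?P<date>\S+ \S+)\s+#(?P<id>\d+)\s+(?P<level>\S+)\s+(?P<rule>\S+)\s+'
    r'(?P<ip>\S+)\s+(?P<method>[A-Z]+) (?P<uri>\S+) - (?P<desc>.*?) - '
    r'\[(?P<payload>.*)\] [-–] (?P<host>.*)$'
)

def triage(lines, rule="128"):
    """Return one finding per log line that was blocked by the given rule id."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["rule"] != rule:
            continue
        payload = m["payload"]
        # Assumption: a trailing "..." means the payload hit the logging limit.
        truncated = payload.endswith("...")
        has_js = "javascript:" in payload.lower()
        if has_js:
            verdict = "javascript: substring visible, quote it in the report"
        elif truncated:
            verdict = "payload cut off, raise NFW_MAXPAYLOAD and reproduce"
        else:
            verdict = "full payload logged, no javascript: substring"
        findings.append({"id": m["id"], "uri": m["uri"], "truncated": truncated,
                         "has_js": has_js, "verdict": verdict})
    return findings

# Constructed sample lines modelled on the thread (placeholder host, IP and ids).
SAMPLE = """\
20/Nov/21 14:58:56  #1000001  CRITICAL   128  192.0.2.10  POST /wp-admin/admin-ajax.php - Attribute JS injection - [POST:originals = ["TRANSLATE with ","x","English","Chinese Tradi...] - example.test
20/Nov/21 14:59:02  #1000002  CRITICAL   128  192.0.2.10  POST /wp-admin/admin-ajax.php - Attribute JS injection - [POST:originals = ["<a href='javascript:void(0)'>Close</a>","OK"] - example.test
20/Nov/21 14:59:05  #1000003  CRITICAL   128  192.0.2.10  POST /wp-admin/admin-ajax.php - Attribute JS injection - [POST:originals = ["OK","Dataprotection"] - example.test
20/Nov/21 14:59:09  #1000004  MEDIUM     0    192.0.2.10  GET /index.php - Constructed other rule - [GET:q = test] - example.test
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["id"], f["uri"], "->", f["verdict"])
```

A "payload cut off" verdict corresponds to the situation in the thread: the logged excerpt ends before the part that matched, so the entry has to be reproduced with a larger logging limit before the rule can be judged.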
