JavaScript inserted using HTML macro cannot be executed
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
Some JavaScript (specifically those with functions) inserted using the HTML macro cannot be executed upon saving a Confluence page. When previewing the page (using the Editor), the JS can successfully be executed.
Diagnosis
This issue only occurs in Chrome. After saving the page, going to Developer Tool > Console will produce the following error:
Refused to execute a JavaScript script. Source code of script found within request.
Cause
The error is thrown when the page is saved via a POST and then retrieved via a GET. This is actually a security measure put in place by the Chrome browser in order to prevent XSS (cross-site scripting) attacks.
For more information regarding this, please refer to the following links:
- Security in Depth: New Security Features
- Refused to execute a JavaScript script. Source code of script found within request
Resolution
Refreshing the page will resolve this issue. The JS can actually be executed upon refresh or upon normal viewing.