Security

Serious efforts have been made to ensure the safe use of the builders.

However, for flexibility and feature availability, scripting is enabled by default in the builder starting from v1.0.0.

Don't worry! All you need to do is ensure that your content or code used in builders and page edit areas is from trusted sources.

We have also provided a way to enhance security by disabling the script option, especially when your usage does not require components with JavaScript or you are not going to be editing the pages anytime soon.

Disabling scripting will also affect components that depend on JavaScript.

You can disable scripting by defining the constant PAGE_BUILDER_DISABLE_SCRIPT in your Perfex CRM config file, i.e., application/config/app-config.php.

For example, add the following code to the end of the file:

defined('PAGE_BUILDER_DISABLE_SCRIPT') or define('PAGE_BUILDER_DISABLE_SCRIPT', 1);

You can always remove this line or comment it out whenever you need to edit pages with scripting.

Implications of Using Builder with Scripting Disabled

Consider these implications when deciding whether to enable or disable scripting in the builder, and weigh the trade-offs between security and functionality based on your specific requirements and use cases. In general you do not have to worry about this if your admin panel access is secure and your pages content are not from external untrusted sources:

  • Limited functionality: Some advanced features and interactive elements may rely on JavaScript for their functionality. Disabling scripting could limit the availability of these features, potentially impacting the user experience.

  • Compatibility issues: Certain third-party integrations or plugins may require JavaScript to function properly. Disabling scripting could lead to compatibility issues with these external components.

  • Customization restrictions: Users may have less flexibility to customize and enhance their pages if scripting is disabled. Advanced customization options, such as dynamic content loading or form validation, may not be available without JavaScript.

  • Reduced interactivity: Interactive elements, such as sliders, carousels, or interactive maps, may not function as expected without scripting enabled. This could affect the overall interactivity and engagement of the website.

  • When scripting is disabled, updating pages that previously contained script components or blocks from the builder might result in the removal of these scripts, leading to the loss of interaction with such blocks. Therefore, you might want to re-enable scripting before updating pages when using components or blocks that depend on JavaScript, such as countdown or countup blocks.