Prevent injection of code snippets into WordPress inputs

[Cactii1]

No idea why but this wallet extension injects its code into many different editing fields when editing a Wordpress web site with the plugin enabled.

[markmhendrickson]

This shouldn't happen. Mind providing a screenshot of what you see so we can diagnose the problem?

[Cactii1]

It only happens when editing with the visual editor.

[Cactii1]

Obviously I cannot replicate it when the plugin is disabled in my browser.

With Wordpress there are two editing modes (you can see a visual and a text tab on the main editing field) and it seems to only happen when the visual editing tab is selected.

There are other fields on this editing page that are also effected and have this same code injected into the editing field.

[markmhendrickson]

Thanks for the screenshot and extra context! We'll investigate.

[kyranjamie]

Hmm, this is likely owing to the addition of all_frames. Surprised it injects into a wysiwyg though.

While we fix, you can use this option to disable the extension by domain

[314159265359879]

Another report

[pete-watters]

I picked this issue up again to try and get it closed off but I'm now unable to re-produce it on Firefox.

I setup a fresh installation of Wordpress and installed Classic Editor and I cannot reproduce it using Hiro Waller V 6.3.1 and FF 116.0.2 (64-bit) on MAC.

It's tricky to stress test it due to https://github.com/hirosystems/wallet/issues/4030 so we could re-visit once that is solved.

Originally I could reproduce the issue right away but then on subsequent attempts I was unable to.

[pete-watters]

I noticed this poor review we have on the Chrome store about this issue. We should probably try and get this fixed soon