Grapesjs-custom-code doesn't execute <script> from GrapesJS 0.16.30 and up

hi very thanks for u r replay... yes exactly , after you are replay i tried with 0.16.27 custom blocks script is working as expected but in above versions than 0.16.27 while drag and drop custom block script executing as expected but after saving and reloading the template using editor.setComponents(html text as String ); html coming properly but script is not working. i absorbed that in script in place of ' < > like this type of symbols are replacing with browser understanding codes so i tried to deploy that html in browser its working fine but script not working locally while reloading saved template. kindly if any one have the solution for this in latest version help me to get out of this

Thanks

Hi @bgrand-ch probably you're talking about a fixed bug 😂 Main reasons why you should not let execute a random script from a user:

1. Self-XSS
2. We can't control the script if we execute it inside the editor, so, for instance, the user paste this <script>document.body.innerHTML = "";</script> and the editor is broken.

Actually, there is an option that kind of indicates that is by design placeholderScript | Content to show when the custom code contains <script>

Thanks for reporting this, @bgrand-ch.

Great suggestion about grapesjs-custom-code doesn't execute <script> from GrapesJS 0.16.30 and up! While this specific feature isn't yet in the core API, there are several ways to achieve similar behavior.

Using the event system:

editor.on('component:update', (component) => {
  // your logic here
});

Alternative approaches:

• Listen to selector:add for CSS selector changes
• Use selector:custom for custom rules
• Tap into the change:* events for fine-grained tracking
• Build a plugin that extends the editor with this capability

Making it official: If this feature would benefit many users, consider opening a formal Feature Request on the GrapesJS repo with:

• A detailed use case
• Code example showing the desired behavior
• Why this matters for your workflow

The core team is receptive to well-motivated feature requests backed by real use cases.