GrapeJS.com homepage hacked / chained redirect malware
This is intermittent, I'm now getting grapejs.com homepage as expected
Read full answer below ↓Question
GrapesJS version
- I confirm to use the latest version of GrapesJS
What browser are you using?
Chrome 114.0.5735.110 (Official Build) (64-bit)
Reproducible demo link
https://grapejs.com *EDIT: This site / domain serves malware, it is missing the "s" in the real grapesjs.com domain
Describe the bug
Upon visiting grapejs.com homepage the browser is sent into a chain of redirects , ultimately on a malware S3 landing page that blows to full screen + audio + popup spam demanding payments.
Reproduced on subsequent visits / chrome incognito. Fairly confident it's not on my side
Code of Conduct
- I agree to follow this project's Code of Conduct
Answers (3)
This is intermittent, I'm now getting grapejs.com homepage as expected
Okay this was my mistake, I mis-typed the URL / domain name-- missing the "s" in grapesjs.com. Visiting URL grapejs.com is a bogus address with a bunch of malware / popups
I believe the incorrect domain redirects to grapesjs.com every other page load making this more confusing.
Closing this out, no issues with the main website.
Thanks for reporting this, @tomsleeter.
The issue with GrapeJS.com homepage hacked / chained redirect malware appears to be a race condition or state management timing problem. This typically happens when component lifecycle events and DOM modifications overlap, creating an inconsistent state.
What to try:
- Add a setTimeout wrapper to ensure the DOM has settled:
setTimeout(() => {
// your operation here
}, 0);
-
Check initialization order — make sure components are fully loaded before you interact with them
-
Use the editor's event system — listen to completion events:
editor.on('component:mount', (component) => {
// safe to interact with component here
});
Recommended next steps:
- Test with the latest GrapesJS version if you haven't
- Provide a minimal reproducible example (CodeSandbox) — this helps the team identify the root cause faster
- Include GrapesJS version, browser, and console errors in your report
Related Questions and Answers
Continue research with similar issue discussions.
Issue #4940
Destroying and re-initializing produces "Cannot read properties of undefined (reading 'get')"
GrapesJS version [X] I confirm to use the latest version of GrapesJS What browser are you using? Google Chrome Version 110.0.5481.100 (Offi...
Issue #5236
textnode with content "null" is rendered as "null" not whitespace
GrapesJS version[X] I confirm to use the latest version of GrapesJSWhat browser are you using? Chrome Version 114.0.5735.199 (Official Buil...
Issue #4449
Lists not working with default RTE
GrapesJS version [X] I confirm to use the latest version of GrapesJS What browser are you using? Chrome Version 102.0.5005.115 (Official Bu...
Issue #4947
Undo manager not working properly on undoing a remove action
GrapesJS version[X] I confirm to use the latest version of GrapesJSWhat browser are you using? Chrome - version 110.0.5481.100 (Official Bu...
Paid Plugins That Match This Issue
Curated by issue keywords and label relevance to help you ship faster.
Loading paid plugin recommendations...
Check the open-source GrapesJS plugins on GitHub or run a quick search in our free catalog.
Browse free plugins →Premium plugins ship with support, regular updates, and production-ready features — save days of integration work.
Browse premium plugins →Related tutorials
In-depth guides on the same topic.
Tutorial
How to Build a Production GrapesJS Editor: The Complete Walkthrough of Brief, Preset, Plugins, and Services
A complete walkthrough of building a production GrapesJS editor: how to choose a preset, pick plugins, and scope setup services without burning a sprint.
Tutorial
GrapesJS Inline RTE Plugins Update: CKEditor 5 v0.1.4 and Froala Inline Text Editor
CKEditor 5 Inline for GrapesJS v0.1.4 fixes Studio SDK toolbar clipping, iframe injection and link balloon bugs. Compare with Froala Inline — both $69.
Tutorial
Embed GrapesJS in Your SaaS: A Weekend Guide
Embed GrapesJS in your SaaS and ship a white-label page builder over a weekend. Honest tradeoffs, real code, and the plugins that close the UX gap.
Browse Plugin Categories
Jump directly to plugin category pages on the marketplace.