Banned when adding an image via code view

[seadhna]

Hi there,
on multiple instances of Elxis the same issue occurs: when adding an image via code via manual typing, when one clicks Apply or Save, the following error appears:

Your request dropped for security reasons. Please try again.
Reference code: E403-CCON-0013

However, it only happens if the code is manually typed - NOT if it is copied and pasted.

To replicate:

1) Create New Article; title: test, seo title: test, subtitle: test
2) Intro text or Main text, switch to code view (change mode)
3) Manually type the following: (not copy and paste)

            <figure>
                <img src="https://www.example.org/test.png" width="100%" height="auto" alt="test">
            </figure>

4) Click SAVE or APPLY

If you copy and paste your code before clicking SAVE or APPLY, and then click back, and paste the code and click SAVE or APPLY again: no error message.

[seadhna]

More info: if you omit the two slashes in the URL, the error does not occur, but of course the Url is not valid. e.g. typing this and clicking SAVE or APPLY, there is NO error:

            <figure>
                <img src="www.example.org/test.png" alt="">
            </figure>

However, typing either of these produces the error:

            <figure>
                <img src="https://www.example.org/test.png" alt="">
            </figure>

            <figure>
                <img src="//www.example.org/test.png" alt="">
            </figure>

[datahell]

No, this has nothing to do with the URL. There is no such issue as the one you mention.

You have been stopped because the security token is wrong. This happens when you open simultaneously multiple edit pages. Only the last opened in legitimate. If you try to submit (save) a previous one the request will be dropped. This feature is in order to be protected against XSS attacks.

[seadhna]

This issue happens with every Elxis installation I have. How do you open simultaneously multiple edit pages? I don't even know how to do that.

[datahell]

I just tested it, although the reason is obvious as I already said.
I included an image the way you wrote and saved normally. See the screenshots.
The reason is 100% the one I wrote. The session token is been overwritten and token gets altered. If you haven't opened a secondary window then you must search for the reason in your browser, in an anti-virus or similar. Something might interfere between the site and the browser.

The reason is obvious as you have a very specific error code: E403-CCON-0013
This is from component content, controller file aarticle.php line 1036

if (($token == '') || ($sess_token == '') || ($sess_token != $token)) {
   exitPage::make('403', 'CCON-0013', $eLang->get('REQDROPPEDSEC'));
}