Compatibility with Apptha's Video Gallery

For some reason, EDD appends the following code to the XML file that configures the player, breaking the playback:

<html><script language="JavaScript"> var tokenName = 'CSRF_TOKEN'; var tokenValue = '39dd202da7f5b808aa6b83a269c31081e651920e'; function updateTags() { var all = document.all ? document.all : document.getElementsByTagName('*'); var len = all.length; for(var i=0; i<len; i++) { var e = all[i]; updateTag(e, 'src'); updateTag(e, 'href'); } } function updateForms() { var forms = document.getElementsByTagName('form'); for(i=0; i<forms.length; i++) { var html = forms[i].innerHTML; html += '<input type=hidden name=' + tokenName + ' value=' + tokenValue + ' />'; forms[i].innerHTML = html; } } function updateTag(element, attr) { var location = element.getAttribute(attr); if(location != null && location != '' && isHttpLink(location)) { var index = location.indexOf('?'); if(index != -1) { location = location + '&' + tokenName + '=' + tokenValue; } else { location = location + '?' + tokenName + '=' + tokenValue; } element.setAttribute(attr, location); } } function isHttpLink(src) { var result = 0; if(src.substring(0, 4) != 'http' || src.substring(0, 1) == '/') { result = 1; } return result; } updateTags(); updateForms(); </script></html>

Any idea where this comes from? It seems to be the problem, but I can’t find where it is being introduced. It may have to do with the app tracking.

Turns out that this is some form of modsecurity that kicks in somehow when I enable EDD. Apparently it is running somewhere in my host or in WP, but for some reason, it appends to my player’s XML file when I enable EDD. Still trying to find a way to “detangle” it so I can run the play and EDD. :/