Big issue with custom javascript


#1

Hello,

I did a big mistake,

i added this code in the section custom script

document.write(‘

Print this after the script tag
’);

And now on all my pages i can only see this sentence : “Print this after the script tag” https://chatpsy.herokuapp.com/home

If someone could tell me how can i remove this javacript via the database?

Or is there a way to block this specific line of code, enter in the admin and remove it ?

Thanks for your help


#2

Without any guarantee: you should be able to restore the MongoDB database of Rocket.Chat - more specifically to your case: the settings collection from your last backup.

If you got no backup (then first: shame on your house!) you could also try to look up the document in the settings collection that stores the custom script settings and either edit or delete it. It will be initialized with default settings once you restart Rocket.Chat.

Cheers
Thomas


#3

My suggestion is find the setting name. You can right click it in browser and inspect element and see the id. Then goto mongo and do: db.rocketchat_settings.remove({_id: 'Setting_Id'})


#4

TLDR:

I needed this today, so I finally found how to do this:

db.rocketchat_settings.remove({_id: 'Custom_Script_Logged_In'})
db.rocketchat_settings.remove({_id: 'Custom_Script_Logged_Out'})

Longer description, how I found this:

To find this, I dumped MongoDB to JSON files with script from https://stackoverflow.com/questions/11255630/how-to-export-all-collection-in-mongodb

export.sh:

#!/bin/bash

if [ ! $1 ]; then
        echo " Example of use: $0 database_name [dir_to_store]"
        exit 1
fi
db=$1
out_dir=$2
if [ ! $out_dir ]; then
        out_dir="./"
else
        mkdir -p $out_dir
fi

tmp_file="fadlfhsdofheinwvw.js"
echo "print('_ ' + db.getCollectionNames())" > $tmp_file
cols=`mongo $db $tmp_file | grep '_' | awk '{print $2}' | tr ',' ' '`
for c in $cols
do
    mongoexport -d $db -c $c -o "$out_dir/exp_${db}_${c}.json"
done
rm $tmp_file

I did have Rocket.Chat snap installed, with database at port 27017. I did run script this way, to export parties database to parties directory:

chmod +x ./export.sh
./export.sh parties parties

Then in that directory I did search for my errorneous text replaceText that is part of search-replace script from https://stackoverflow.com/questions/5558613/replace-words-in-the-body-text that I added to custom Javascript and broke UI, so I could not get into admin settings:

cd parties
find . | xargs grep 'replaceText' -sl

It did show that setting was at exp_parties_rocketchat_settings.json

Then I opened it with nano:

nano exp_parties_rocketchat_settings.json

And used Ctrl-w to search for that text replaceText, and find that setting.


Wekan - Kanban board
#5

Nice thanks for sharing this! Very useful