000webhost is messing with foxyform

foxyform isn’t working at https://syleria.000webhostapp.com/Contact.html. I think I’ve pinpointed the reason why: 000webhost is inserting code into my contact form widget. Here’s what the code is supposed to look like:

<body marginwidth="0" marginheight="0"><!-- Do not change the code! -->
<iframe src="http://www.foxyform.com/form.php?id=919772&amp;sec_hash=4fcdd8eb284" width="350px" height="380px" style="border: none;" frameborder="0"></iframe><a id="foxyform_embed_link_919772" href="http://www.foxyform.com/" style="display: block; width: 350px; font-size: 0.7em; color: grey; text-align: right; text-decoration: none;" target="_top">foxyform</a>
<script src="http://www.foxyform.com/js.php?id=919772&amp;sec_hash=4fcdd8eb284&amp;width=350px"></script><script type="text/javascript">
(function(d, t){
   var g = d.createElement(t),
       s = d.getElementsByTagName(t)[0];
   g.src = "http://www.foxyform.com/js.php?id=919772&sec_hash=4fcdd8eb284&width=350px";
   s.parentNode.insertBefore(g, s);
}(document, "script"));
</script>
<!-- Do not change the code! --></body>

And here’s what is actually transmitted to my browser:

<body marginwidth="0" marginheight="0"><!-- Do not change the code! -->
<a id="foxyform_embed_link_919772" href="http://www.foxyform.com/" target="_top">foxyform</a>
<script src="http://www.foxyform.com/js.php?id=919772&amp;sec_hash=4fcdd8eb284&amp;width=350px"></script><script type="text/javascript">
(function(d, t){
   var g = d.createElement(t),
       s = d.getElementsByTagName(t)[0];
   g.src = "http://www.foxyform.com/js.php?id=919772&sec_hash=4fcdd8eb284&width=350px";
   s.parentNode.insertBefore(g, s);
}(document, "script"));
</script>
<!-- Do not change the code! --><div style="text-align: right;position: fixed;z-index:9999999;bottom: 0; width: 100%;cursor: pointer;line-height: 0;display:block !important;"><a title="Hosted on free web hosting 000webhost.com. Host your own website for FREE." target="_blank" href="https://www.000webhost.com/?utm_source=000webhostapp&amp;utm_campaign=000_logo&amp;utm_medium=website_syleria&amp;utm_content=footer_img"><img src="https://cdn.rawgit.com/000webhost/logo/e9bd13f7/footer-powered-by-000webhost-white2.png" alt="www.000webhost.com"></a></div></body>

This is causing the contact form not to display at all.

What can I do about this?

This shouldn’t be affecting Foxyform. If have a domain purchased from Hostinger though, you can disable branding. :slight_smile:

stripping out the iframes shouldn’t affect foxyform??

This is…not solved.

Look at this segment of the code:

Original:

<body marginwidth="0" marginheight="0"><!-- Do not change the code! -->
<iframe src="http://www.foxyform.com/form.php?id=919772&amp;sec_hash=4fcdd8eb284" width="350px" height="380px" style="border: none;" frameborder="0"></iframe><a id="foxyform_embed_link_919772" href="http://www.foxyform.com/" style="display: block; width: 350px; font-size: 0.7em; color: grey; text-align: right; text-decoration: none;" target="_top">foxyform</a>
<script src="http://www.foxyform.com/js.php?id=919772&amp;sec_hash=4fcdd8eb284&amp;width=350px"></script><script type="text/javascript">

Served by 000webhost:

<body marginwidth="0" marginheight="0"><!-- Do not change the code! -->
<a id="foxyform_embed_link_919772" href="http://www.foxyform.com/" target="_top">foxyform</a>
<script src="http://www.foxyform.com/js.php?id=919772&amp;sec_hash=4fcdd8eb284&amp;width=350px"></script><script type="text/javascript">

See the difference? This is not about the branding.

Hello, I just tested this on my own demo page, and it seems to work perfectly.
However, most browsers nowdays blocks non-secure content on secure websites.

I advice you to use // in stead of http:// in URLS, this will automaticly detect wether or not the website is running in secure mode or not, thus trying to access the same security level on the iframes and/or scripts.

<iframe src="//www.foxyform.com/form.php?id=919772&amp;sec_hash=4fcdd8eb284" width="350px" height="380px" style="border: none;" frameborder="0"></iframe><a id="foxyform_embed_link_919772" href="http://www.foxyform.com/" style="display: block; width: 350px; font-size: 0.7em; color: grey; text-align: right; text-decoration: none;" target="_top">foxyform</a>
<script src="//www.foxyform.com/js.php?id=919772&amp;sec_hash=4fcdd8eb284&amp;width=350px"></script><script type="text/javascript">
1 Like

@Calion, I would definitely try what @Mortenrb explained. That usually solves the issue 99% of the time. :wink:

You’re right, that’s what the problem was; however, that fix didn’t do it. My browser (Safari) returns "[blocked] The page at about:blank was not allowed to display insecure content from http://www.foxyform.com/form.php?id=919772&sec_hash=4fcdd8eb284." even when I’m using “//” instead of “http://”.

When I use “https://” I get "[blocked] The page at about:blank was not allowed to display insecure content from http://www.foxyform.com/form.php?id=919772&sec_hash=4fcdd8eb284."

What can I do about this? Ideas?

Hi @Calion!

I have added a header in .htaccess which instructs your browser to upgrade the insecure requests. All mixed content should load now.

2 Likes