To protect your landing pages and popups from security threats like phishing redirects and malicious scripts, the HTML block now automatically removes unsafe code when you edit and save a page.
If your landing pages or popups use custom HTML, these changes help prevent unauthorized scripts from running while keeping standard HTML and JavaScript functionality intact.
Why These HTML Block Security Changes Matter
These updates help protect:
- Your business reputation
- Your customer data
- Visitors interacting with your landing pages and popups
Unsafe code patterns, such as malicious redirects or injected scripts, can compromise your pages. The HTML block now prevents these risks by removing unsupported code automatically.
When HTML Block Security Changes Apply
These changes apply only when you edit and save a landing page or popup. Existing published landing pages and popups are not affected until they are edited and saved in the editor.
Once saved, any affected code patterns in the HTML block are automatically stripped out.
We strongly recommend reviewing any landing pages and popups that use custom HTML so you are prepared to make adjustments the next time you edit them.
What HTML Code Is Removed Automatically
The HTML block removes unsafe or unsupported code patterns commonly used in security exploits. This helps prevent malicious scripts, unsafe redirects, and unauthorized code execution in your landing pages and popups.
If custom HTML stops working after saving, it is likely due to one of the unsupported code patterns listed below.
The following patterns are removed when an HTML block is saved in a landing page or popup:
Inline event handler attributes
- onclick
- onerror
- onload
- onmouseover
- onchange
- onsubmit
- Any attribute that begins with on*
Unsafe URI protocols
- javascript: in href or src attributes
- vbscript: in any attribute
- data: URIs in src attributes
Inline images using data:image/* are still supported.
Certain HTML Tags
- <object>
- <applet>
- <base>
- <meta http-equiv="refresh">
Unsafe CSS patterns
- expression()
- -moz-binding
- behavior
What HTML Code Is Still Supported
Script tags
You can continue using <script> tags for:
- Inline JavaScript
- Externally hosted scripts such as Google Analytics or tracking pixels
- Custom JavaScript logic
Embedded content
The HTML block continues to support embedded content using:
- <iframe>
- <embed>
You can still embed:
- YouTube, Vimeo, or Wistia videos
- Third-party forms and external widgets
Common Use Cases and What to Do
Tracking scripts (Google Analytics, Google Tag Manager, etc.)
- No action is needed. These use <script> tags, which are not affected.
Embedded video (Wistia, YouTube, Vimeo, etc.)
- No action is needed. These use <iframe> or <embed> tags and are not affected.
Progressive form behavior (showing or hiding fields based on user input)
If you are currently using inline event handlers such as onchange or onmouseover directly on HTML elements, move that logic into a <script> tag.
Referral campaigns and field manipulation
If you use JavaScript to clear pre-filled fields or populate custom values (such as “Referred By”), this will continue to work as long as the logic is inside <script> tags rather than inline event attributes.
URL redirects with parameters
If you use javascript: in href attributes to redirect visitors with URL parameters, move that logic into a <script> tag instead.
Standard links such as https://yoursite.com?param=value are not affected.
What You Should Do Before Editing a Landing Page or Popup
Before editing a landing page or popup, review any custom HTML in the HTML block for unsupported code patterns.
Check for and update the following before saving changes:
- Inline event handlers such as onclick, onchange, or onload
- javascript: links in href attributes
- Custom scripts or dynamic behavior that may rely on unsupported patterns
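One way to run this review on a copy of your custom HTML before opening the editor, as an added example that is not part of the original article and is not the editor's own sanitizer. The function name auditHtmlBlock, the finding labels, and the sample markup are assumptions constructed for illustration, and the regexes only approximate the patterns listed above.

```javascript
// Added example (not the editor's sanitizer): regex-based pre-save audit of the listed patterns.
const BLOCKED_TAGS = new Set(["object", "applet", "base"]);
const CSS_RULES = [
  ["css expression()", /expression\s*\(/i],
  ["css -moz-binding", /-moz-binding/i],
  ["css behavior", /(^|[^\w-])behavior\s*:/i], // must not flag scroll-behavior
];
function auditHtmlBlock(html) {
  const findings = [];
  const checkCss = (css, where) =>
    CSS_RULES.forEach(([rule, re]) => re.test(css) && findings.push(`${rule} in ${where}`));
  // <style> bodies are checked as CSS; <script> bodies are still supported, so drop them.
  for (const m of html.matchAll(/<style\b[^>]*>([\s\S]*?)<\/style\s*>/gi)) checkCss(m[1], "<style>");
  const markup = html.replace(/(<(script|style)\b[^>]*>)[\s\S]*?<\/\2\s*>/gi, "$1");
  const tagRe = /<([a-z][\w-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  const attrRe = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const [, rawTag, attrs] of markup.matchAll(tagRe)) {
    const tag = rawTag.toLowerCase();
    if (BLOCKED_TAGS.has(tag)) findings.push(`<${tag}> tag`);
    for (const a of attrs.matchAll(attrRe)) {
      const name = a[1].toLowerCase();
      const value = a[2] ?? a[3] ?? a[4] ?? "";
      // Normalize case and strip whitespace/control characters before comparing schemes.
      const scheme = value.replace(/[\s\u0000-\u001f]/g, "").toLowerCase();
      if (name.startsWith("on")) findings.push(`${name} handler on <${tag}>`);
      if (scheme.startsWith("vbscript:")) findings.push(`vbscript: in ${name} on <${tag}>`);
      if ((name === "href" || name === "src") && scheme.startsWith("javascript:"))
        findings.push(`javascript: in ${name} on <${tag}>`);
      // data:image/* stays supported; any other data: URI in src is flagged.
      if (name === "src" && /^data:(?!image\/)/.test(scheme)) findings.push(`data: URI in src on <${tag}>`);
      if (name === "style") checkCss(value, `style on <${tag}>`);
      if (tag === "meta" && name === "http-equiv" && value.trim().toLowerCase() === "refresh")
        findings.push('<meta http-equiv="refresh">');
    }
  }
  return findings;
}

// Constructed sample of the kind of markup a custom HTML block might contain.
const sample = `
<style>.cta { scroll-behavior: smooth; }</style>
<select id="plan" onchange="toggleFields(this)"><option>Basic</option></select>
<a href="javascript:goWithParams()">Continue</a>
<a href="https://yoursite.com?param=value">Standard link</a>
<img src="data:image/png;base64,AAAA">
<meta http-equiv="refresh" content="0;url=https://yoursite.com">
<script>document.getElementById("plan").onchange = () => {};</script>
`;
console.log(auditHtmlBlock(sample));
```

The sample yields three findings (the inline onchange, the javascript: link, and the meta refresh), while the standard link, the data:image source, and the handler assigned inside the <script> tag pass.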
Need Help?
If you have questions or need help updating or migrating your HTML block code, please contact Support for assistance.