Complianz Privacy Suite

Whitelisting inline script

Aert Hulsebos

Friendly Captcha – a privacy-friendly option for reCaptcha

ReCaptcha from Google is the most popular spam prevention tool available, and certainly with good reason as it seems to work and is widely-adopted and

Aert Hulsebos January 25, 2021

Records of Consent

Table of Contents Records of Consent is available in premium, from 4.9.2 onwards In the free plugin and our premium plugin below version 4.9.2 we

Aert Hulsebos January 12, 2021

Integrations for WooCommerce

In this article, we will explain the many integrations available for your WooCommerce shop. We will look at specific questions in our wizard and configuring

Aert Hulsebos December 28, 2020

Complianz uses a regular expression to find 3rd party services in inline scripts. Below we will take an example of a Podcast Player that creates an inline script. The output also contains data related to social media hyperlinks or instagram.com in this specific case. In most use cases we will find instagram.com as a link, directly related to the service which is Instagram itself, or a plugin that provides a service like embedding Instagram posts.

But not in this case. Podcast outputs data collections but does not invoke any Instagram related services. And it does not set any other cookies related to 3rd parties, meaning it can be set before consent. But Complianz blocked the script before consent, even if it didn’t have to.

The reason why Complianz blocked the script is because the user had Instagram embedded and enabled in Complianz, but gave a false positive on the Podcast player. These cases are rare, but might happen. To overcome this you can add a filter to tell Complianz to skip an inline script. All you need is the ID of the inline script. In the case of the blocked Podcast Player script it looked like this:

What you will need:

<script class="cmplz-script" type="text/plain" id='pppublic-js-extra'>

class=”cmplz-script” type=”text/plain” = Blocked prior to consent

id=’pppublic-js-extra’ = Script ID of Podcast player

What you will need to achieve is:

<script class="cmplz-native" type="text/javascript" id='pppublic-js-extra'>

class=”cmplz-native” = Whitelisted
id=’pppublic-js-extra’ = Script ID of Podcast player

How to whitelist inline script

You can add a filter as an MU-Plugin, or add it to your functions.php. You can use the below filter, but need to add the script ID of the service inline script that needs to be whitelisted yourself. You can find the script ID (if available) in the page source of your website. If you need help, please ask.

<?php
// Whitelisting podcast player inline script
add_filter ( 'cmplz_script_class',
function( $class, $total_match, $found ) {
if ( $found && false !== strpos( $total_match, 'YOUR-SCRIPT-ID' ) ) {
$class = 'cmplz-native'; // add cmplz-script for Marketing and cmplz-stats for Statistics
}
return $class;
}, 10 , 3
);