diff --git a/blueprints/admin/pages/raw.yaml b/blueprints/admin/pages/raw.yaml
index 3ddf2ac2..788e9e23 100644
--- a/blueprints/admin/pages/raw.yaml
+++ b/blueprints/admin/pages/raw.yaml
@@ -18,6 +18,9 @@ form:
 title: PLUGIN_ADMIN.CONTENT
 fields:
+ xss_check:
+ type: xss
+
 frontmatter:
 classes: frontmatter
 type: editor
diff --git a/classes/admincontroller.php b/classes/admincontroller.php
index b0a92861..b74b484b 100644
--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
@@ -661,10 +661,7 @@ class AdminController extends AdminBaseController
 $check_what = ['header' => $data['header'], 'content' => $data['content']];
 $results = Security::detectXssFromArray($check_what);
 if (!empty($results)) {
- $results_parts = array_map(function($value, $key) {
- return $key.': \''.$value . '\'';
- }, array_values($results), array_keys($results));
- $this->admin->setMessage(' ' . sprintf($this->admin->translate('PLUGIN_ADMIN.XSS_ISSUE'), implode(', ', $results_parts)),
+ $this->admin->setMessage(' ' . $this->admin->translate('PLUGIN_ADMIN.XSS_ONSAVE_ISSUE'),
 'error');
 return false;
 }
diff --git a/themes/grav/templates/forms/fields/xss/xss.html.twig b/themes/grav/templates/forms/fields/xss/xss.html.twig
new file mode 100644
index 00000000..3d858c41
--- /dev/null
+++ b/themes/grav/templates/forms/fields/xss/xss.html.twig
@@ -0,0 +1,6 @@
+{% set xss_header = data.value('header')|array %}
+{% set xss_content = data.value('content') %}
+{% set xss_status = xss({header: xss_header, content: xss_content}) %}
+{% if xss_status is not empty %}
+
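Review bot: The translation key `PLUGIN_ADMIN.XSS_ONSAVE_ISSUE` used on the added `setMessage()` line does not appear anywhere else in this diff, so unless the admin language file is updated in another part of the commit the flash message will render as the bare key. The generic message also drops the per-field detail the removed `sprintf()` carried, which looks intentional given the new `xss` form field; a one-line comment above the call would make that explicit for the next reader, e.g. `// Keep the save-time flash generic; per-field detail (and the flagged text) is shown by the xss form field instead.` The leading `' ' .` in the concatenation reads as a leftover from the removed format-string form and can be dropped. The `$data['header']`/`$data['content']` lookups on the first context line have no `??` default, so a submission missing either key emits a notice before the check runs — pre-existing, but worth a follow-up. The enclosing method starts and ends outside the hunk.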
{{ "PLUGIN_ADMIN.XSS_ISSUE"|tu([xss_status])|raw }}
+{% endif %}
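Review bot: The `|raw` on the `{{ "PLUGIN_ADMIN.XSS_ISSUE"|tu([xss_status])|raw }}` line disables output escaping for a message that embeds `xss_status`, the result of running `xss()` over the page `header` and `content` — exactly the values the check just flagged as suspicious. The removed controller code built that result as `key: 'value'`, so if the Twig helper returns anything similar, the warning shown to the admin would echo the flagged fragment unescaped and the notice itself becomes an injection point. Drop `|raw`, or if the translation string carries markup that must survive, escape the argument first: `{{ "PLUGIN_ADMIN.XSS_ISSUE"|tu([xss_status|e])|raw }}`. The shape of `xss()`'s return value is not visible here (string vs. array), so confirm it before choosing `|e` or a `|join`. The fifth line's leading `+` and any element wrapping the `{{ … }}` appear to have been lost in the rendered view.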