We’re running into a frustrating issue with our partner portal on HubSpot CMS. Custom JavaScript that we’re loading via HubL require_js is failing to execute on dynamic content sections. The scripts work fine on static pages, but when content loads dynamically (like when partners navigate between dashboard tabs), our custom analytics tracking and widget initialization code never fires.
We suspect this might be related to recent CMS script injection changes, but we’re not entirely sure. We’ve also noticed some Content Security Policy headers in the browser console that might be blocking execution. The require_js tag seems to load the script initially, but subsequent dynamic content updates don’t trigger our initialization functions. Has anyone dealt with similar script loading issues on dynamic portal content?
Check your Content Security Policy headers first. HubSpot updated their CSP rules in 2021 to be more restrictive. If your custom scripts are being blocked, you’ll see ‘Content-Security-Policy’ violations in the console. You might need to work with HubSpot support to whitelist your script sources, especially if you’re loading from external CDNs. Also, make sure your require_js implementation is using the correct module pattern - the CMS expects specific AMD module formats for dynamic loading scenarios.
For dynamic content in HubSpot portals, you want to use MutationObserver to detect when new DOM elements are added. Wrap your initialization code in a function and call it both on page load and whenever the observer detects changes. Something like observing the main content container for childList changes. This way your analytics and widgets reinitialize every time dynamic content loads.
I’ve seen this before. HubSpot’s dynamic content loading doesn’t automatically re-execute scripts that were loaded via require_js on the initial page load. You need to hook into the content update events to reinitialize your widgets.
The 2021 CMS update changed how script injection works with HubL. Even if scripts are on HubSpot’s CDN, the require_js tag only executes on initial page render. For dynamic sections, you need a different approach - either inline the initialization code in the dynamic content itself, or use a global event listener pattern that doesn’t rely on require_js for subsequent loads.
The CSP headers are likely a red herring if your scripts are on HubSpot’s CDN. Here’s what you need to do: use a module pattern that survives dynamic loads and handles all three focus areas properly.
For require_js usage in dynamic contexts, create a global initialization function:
window.initPortalWidgets = function() {
// Your widget initialization
if (typeof analytics !== 'undefined') {
analytics.track('Portal View');
}
};
For CMS script injection changes, you need to call this function both on initial load and when content updates. Use the HubSpot content events:
document.addEventListener('hsContentLoaded', function(e) {
window.initPortalWidgets();
});
For Content Security Policy headers, verify your script-src directives allow ‘unsafe-inline’ for the portal domain, or move to a nonce-based approach. Check your portal settings under Design Manager > Settings > Advanced > Security Headers. If CSP is blocking execution, you’ll need to add your script domains to the allowlist.
The key issue is that require_js in HubL is designed for static page loads. For dynamic content sections, you need either: (1) a global function that reinitializes on content events, (2) inline script tags within the dynamic content modules themselves, or (3) a MutationObserver pattern as mentioned earlier. The most reliable approach for partner portals is option 1 - create a global init function and hook it to HubSpot’s content lifecycle events.
Also check if your dynamic content modules are using the correct HubL tags. Some older implementations used custom AJAX calls that don’t trigger the standard content events. If that’s the case, you might need to manually trigger your initialization in the AJAX success callbacks.
Thanks for the suggestions. I checked the console and yes, there are CSP warnings. Our scripts are hosted on HubSpot’s CDN though, so I didn’t think that would be an issue. The dynamic content sections use AJAX to load, and that’s where things break down. Any specific events I should be listening for?