
Security Report Summary
E
Site:
Scanned Site(s):
1
IP Address:
23.3.108.227
Report Time:
30 Sep 2020 04:05:25 UTC
Checks:
Window Referrer
Window Opener
Comments
Enabled Debugging
Unsafe Functions
Warning:
Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open(idURLSecret + "/nidlogin.login?mode=form&template=plogin&url="+closeUrl,"loginPopup","width=400,height=267");[http://blog.naver.com/PostView.nhn?blogId=overcome990]
  • window.open("/common/util/imageZoom.jsp?url="+b+"&rClickYn="+a+"&isOwner="+c,"zoomIn","scrollbars=yes,width=10,height=10")},getRequestQueryString:function(c){var a=document.location.search.split("?");[http://t.static.blog.naver.net/mylog/versioning/LayoutTopCommon-1058598685.js]
  • window.open(b,c?c:"editor_help",a?a:"width=790,height=540")},winOpenCenter:function(a,b,c,j,f,g){var d=Math.round((screen.availLeft||0)+(screen.availWidth-c)*0.5);[http://t.static.blog.naver.net/mylog/versioning/LayoutTopCommon-1058598685.js]
  • window.open(a,f,"")},goPermalink:function(e,c,d,f,g,a){var b="/DomainDispatcher.nhn?blogId="+e+"&id="+c+"&type="+d+"&subName="+f+"&logNo="+a;window.open(b,g,"")},bookmarksite:function(c,a){if(this.oAgent.firefox){window.sidebar.addPanel(c,a,"")}else{if(this.oAgent.opera){var b=document.createElement("a");[http://t.static.blog.naver.net/mylog/versioning/LayoutTopCommon-1058598685.js]
  • window.open("","prologue","width=440,height=160");[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(blogURL+"/ScrapList.nhn?blogId="+blogId,"scrapinfo","width=360, height=400, resizable=no, scrollbars=no")},viewNeighbor:function(){window.open(blogURL+"/BuddyMeList.nhn?blogId="+blogId,"buddyMe","width=450 ,height=430, resizable=no, scrollbars=no")},viewReverage:function(){window.open(blogURL+"/MyLeverageList.nhn?blogId="+blogId,"LeveragePop","width=450, height=495, resizable=no, scrollbars=no")}});[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(adminURL+"/AdminMain.nhn?blogId="+blogId+"&Redirect=CommentManage",a,"")},replaceHTML:function(a){try{if(this.elBlogRecentComment){this.elBlogRecentComment.innerHTML=a}this.moreButton=$("comment-list-i");[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(noteURL+"/note/sendForm.nhn?targetUserId="+blogId+"&svcType=1&popup=1","IdMenuPop","width=390,height=440,scrollbars=no,resizable=no");[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(cafeURL+"/CafeInviteView.nhn?m=view&inviteid="+blogId,"IdMenuPop","width=350,height=390,scrollbars=no,resizable=no")},addBuddy:function(){loginObj.isLogin($Fn(function(){this.checkBlackList(function(){var b=window.open("","IdMenuPop","width=420,height=288,scrollbars=yes");[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open("","addBuddy","width=420,height=288,scrollbars=yes");[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(blogURL+"/buddy/addBuddyPop.jsp?blogId="+blogId,"addBuddy","width=348,height=390,scrollbars=yes")})},makeGift:function(){window.open(itemURL+"/itembag/GiftPop.jsp?userid="+blogId,"IdMenuPop","width=400 height=500 status=no scroll=no")},viewBlog:function(){var a=blogURL+"/"+blogId;switch(this.openType){case"0":document.location.href=a;break;case"1":parent.location.href=a;break;case"2":top.location.href=a;break;case"3":window.open(a,"PopBlog","width=800,height=700");[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(this.domainUrl,"PopBlog","width=800,height=700");[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(a,b,m+" scrollbars=yes, toolbar=no, location=no, status=no, menubars=no, resizable=yes, width="+e+", height="+g)},_setMenuData:function(){try{var b=$$("a",this.el);[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open("http://creativecommons.org/licenses/"+a+"/2.0/kr/","_blank","")}});[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(this.elAnchor.href,"_self","")}}catch(g){utility.nvl_error(g,blogURL+"/title.js/Title/_onClick",g.lineNumber)}if((b.hasClass("_returnFalse"))||(l.hasClass("_returnFalse"))||bIsRemocon||bIsPreview){e.stop()}}});[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(mylogURL+"/blogMusicBGMPlayList.nhn?blogId="+blogId,"playlist","scrollbars=yes,status=yes,width=334,height=309")},getWidgetPlayList:function(){return this.widgetPlayList},_makeTitle:function(b){try{var f=artist=null;if(b){f=(typeof b.itemName!="undefined")?b.itemName:""}if(b){artist=(typeof b.artistName!="undefined")?b.artistName:""}if(b&&b.artistId!="0"){f+=" - "+artist}return f}catch(a){utility.nvl_error(a,blogURL+"/music.js/Music/makeTitle",a.lineNumber);[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(b.url,"happybean","width="+b.width+",height="+b.height+",directories=no,location=no,menubar=no,status=no,toolbar=no,resizable=no,scrollbars="+(b.scroll?b.scroll:"no"));[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(b,"happybean","directories=yes,location=yes,menubar=yes,scrollbars=yes,status=yes,toolbar=yes,resizable=yes");[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(l[0],"_blank")}else{if(n.hasClass("_showFileLayer")){postView.showFileLayer(f,l[0],l[1],l[2])}else{if(n.hasClass("_showMalwareAlertLayer")){postView.showMalwareAlertLayer(s,l[0],l[1],l[2])}else{if(n.hasClass("_showAhfLicenseAlertLayer")){postView.showAhfLicenseAlertLayer(s,l[0],l[1],l[2])}else{if(n.hasClass("_closeMalwareAlertLayer")){postView.closeMalwareAlertLayer(f)}else{if(n.hasClass("_showBlockAlertLayer")){postView.showBlockAlertLayer(s,l[0],l[1],l[2],l[3])}else{if(n.hasClass("_closeBlockAlertLayer")){postView.closeBlockAlertLayer(f)}else{if(n.hasClass("_showSendInfoLayer")){clickcr(n,"pst.send","","",k.$value());[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • window.open(f+"?"+this.toQueryString(e),"ndrivePopup",k);[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insight into the inner structure of the program. With this information, the attacker can more easily understand how the user session is handled by JavaScript or work out how data is sent to the server.
  • /** * Read domain and set it again after get rid of sub domain. * ex) blog.naver.com => naver.com * blogdev10.blog.me => blog.me */[http://t.static.blog.naver.net/mylog/versioning//common/js/global/RemoveSubDomain-dea9950.js]
  • /** * Created by Naver on 2015-08-24. ver.1.2 by jukyung.kim@nhn.com * For Chrome 45.0.2454.46 */[http://t.static.blog.naver.net/mylog/versioning//common/js/flash/allowSwfForChrome-d0f381e.js]
  • /**\n * Created by naver on 9/7/16.\n */[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • /**\n * flash & hls - hybrid launcher\n * @param options\n * @constructor\n */[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • /**\n * flash, hls 플레이어 런처 선택\n *\n * @param options\n * @returns {*}\n * @private\n */[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • /**\n * IE style onload check\n */[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • /**\n * Web Standard onload check\n */[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • /**\n * 현재 브라우저에 적합한 런처타입 선택\n * @returns {boolean}\n */[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • /**\n * 플레이어 open\n */[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • /**\n * 플레이어 open + 재생\n * @param trackIdsCommaSeperateString\n */[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • /**\n * 플레이어 open + 곡추가\n * @param trackIdsCommaSeperateString\n */[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • /**\n * module export\n */[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they can expose information about the inner workings of the code. In production they are a loophole that can show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log(a)}}}}})();[http://t.static.blog.naver.net/mylog/versioning/LayoutTopCommon-1058598685.js]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the string they parse is often not safe to execute — typically when any part of it comes from user input or a server response — and the result is often a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script and add them to the DOM, and parse JSON responses with JSON.parse() rather than eval().
  • eval("false||function("+funcArg.join(",")+"){"+funcStr+"}")}return function(){var f=this.$this[m];var t=this.$this;var r=(t[m]=func).apply(t,arguments);[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • eval(sOrg)};var wrapQuot=function(sStr){return'"'+sStr.replace(/"/g,'\\"')+'"'};var getStyleKey=function(sKey){if(/^@/.test(sKey)){return sKey.substr(1)}return null};var getCSS=function(oEl,sKey){if(oEl.currentStyle){if(sKey=="float"){sKey="styleFloat"}return oEl.currentStyle[sKey]||oEl.style[sKey]}else{if(window.getComputedStyle){return oDocument_dontShrink.defaultView.getComputedStyle(oEl,null).getPropertyValue(sKey.replace(/([A-Z])/g,"-$1").toLowerCase())||oEl.style[sKey]}}if(sKey=="float"&&/MSIE/.test(window.navigator.userAgent)){sKey="styleFloat"}return oEl.style[sKey]};var oCamels={accesskey:"accessKey",cellspacing:"cellSpacing",cellpadding:"cellPadding","class":"className",colspan:"colSpan","for":"htmlFor",maxlength:"maxLength",readonly:"readOnly",rowspan:"rowSpan",tabindex:"tabIndex",valign:"vAlign"};var getDefineCode=function(sKey){var sVal;var sStyleKey;if(bXMLDocument){sVal='oEl.getAttribute("'+sKey+'",2)'}else{if(sStyleKey=getStyleKey(sKey)){sKey="$$"+sStyleKey;sVal='getCSS(oEl, "'+sStyleKey+'")'}else{switch(sKey){case"checked":sVal='oEl.checked + ""';break;case"disabled":sVal='oEl.disabled + ""';break;case"enabled":sVal='!oEl.disabled + ""';break;case"readonly":sVal='oEl.readOnly + ""';break;case"selected":sVal='oEl.selected + ""';break;default:if(oCamels[sKey]){sVal="oEl."+oCamels[sKey]}else{sVal='oEl.getAttribute("'+sKey+'",2)'}}}}return"_"+sKey+" = "+sVal};var getReturnCode=function(oExpr){var sStyleKey=getStyleKey(oExpr.key);[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • eval("var fpCompiled = "+sFunc+";");[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • eval("fpFunction = function(oEl) { "+oExpr.defines+"return ("+oExpr.returnsID+oExpr.returnsTAG+oExpr.returns+");[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • eval("("+this._response.responseText+")")}catch(e){return{}}}}return{}};jindo.$Ajax.Response.prototype.header=function(a){if(typeof a=="string"){return this._response.getResponseHeader(a)}return this._response.getAllResponseHeaders()};jindo.$Ajax.RequestBase=jindo.$Class({_respHeaderString:"",callbackid:"",callbackname:"",responseXML:null,responseJSON:null,responseText:"",status:404,readyState:0,$init:function(a){},onload:function(){},abort:function(){},open:function(){},send:function(){},setRequestHeader:function(a,b){this._headers[a]=b},getResponseHeader:function(a){return this._respHeaders[a]||""},getAllResponseHeaders:function(){return this._respHeaderString},_getCallbackInfo:function(){var b="";if(this.option("callbackid")!=""){var a=0;do{b="_"+this.option("callbackid")+"_"+a;a++}while(window.__jindo2_callback[b])}else{do{b="_"+Math.floor(Math.random()*10000)}while(window.__jindo2_callback[b])}if(this.option("callbackname")==""){this.option("callbackname","_callback")}return{callbackname:this.option("callbackname"),id:b,name:"window.__jindo2_callback."+b}}});[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • eval("("+sObject+")")}else{sObject=sObject}}catch(e){sObject={}}return sObject};jindo.$Json.fromXML=function(a){var d={};var m=/\s*<(\/?[\w:\-]+)((?:\s+[\w:\-]+\s*=\s*(?:"(?:\\"|[^"])*"|'(?:\\'|[^'])*'))*)\s*((?:\/>)|(?:><\/\1>|\s*))|\s*<!\[CDATA\[([\w\W]*?)\]\]>\s*|\s*>?([^<]*)/ig;var g=/^[0-9]+(?:\.[0-9]+)?$/;var h={"&":"&"," ":" ",""":'"',"<":"<",">":">"};var b={tags:["/"],stack:[d]};var l=function(n){if(typeof n=="undefined"){return""}return n.replace(/&[a-z]+;/g,function(o){return(typeof h[o]=="string")?h[o]:o})};var e=function(n,o){n.replace(/([\w\:\-]+)\s*=\s*(?:"((?:\\"|[^"])*)"|'((?:\\'|[^'])*)')/g,function(q,p,s,r){o[p]=l((s?s.replace(/\\"/g,'"'):undefined)||(r?r.replace(/\\'/g,"'"):undefined))})};var c=function(p){for(var n in p){if(p.hasOwnProperty(n)){if(Object.prototype[n]){continue}return false}}return true};var f=function(v,u,s,r,q,p){var D,C="";var B=b.stack.length-1;if(typeof u=="string"&&u){if(u.substr(0,1)!="/"){var A=(typeof s=="string"&&s);[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • eval(aJS.join("\n"));[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • eval("false||function("+func+"){"+thisObject+"}")}}};var _ua=navigator.userAgent;jindo.$Fn.prototype.$value=function(){return this._func};jindo.$Fn.prototype.bind=function(){var d=jindo.$A(arguments).$value();[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • eval("false||function(d){"+_aStr.join("")+"}");[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • document.write('<div style="position:absolute;top:-1000px;left:-1000px"><object tabindex="-1" id="'+jindo.$Ajax.SWFRequest._tmpId+'" width="1" height="1" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="//fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"><param name="movie" value="'+a+'"><param name = "FlashVars" value = "activeCallback='+b+'" /><param name = "allowScriptAccess" value = "always" /><embed tabindex="-1" name="'+jindo.$Ajax.SWFRequest._tmpId+'" src="'+a+'" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" width="1" height="1" allowScriptAccess="always" swLiveConnect="true" FlashVars="activeCallback='+b+'"></embed></object></div>')};jindo.$Ajax._checkFlashLoad=function(){jindo.$Ajax._checkFlashKey=setTimeout(function(){},5000);[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • insertAdjacentHTML(t,m)}else{var u=d.ownerDocument||d.document||document;var o=u.createDocumentFragment();[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • insertAdjacentHTML(this,a,"beforeEnd","firstChild",jindo.$Fn(function(b){this.append(b)},this).bind())};jindo.$Element.prototype.prependHTML=function(a){return jindo.$Element.insertAdjacentHTML(this,a,"afterBegin","lastChild",jindo.$Fn(function(b){this.prepend(b)},this).bind())};jindo.$Element.prototype.beforeHTML=function(a){return jindo.$Element.insertAdjacentHTML(this,a,"beforeBegin","firstChild",jindo.$Fn(function(b){this.before(b)},this).bind())};jindo.$Element.prototype.afterHTML=function(a){return jindo.$Element.insertAdjacentHTML(this,a,"afterEnd","lastChild",jindo.$Fn(function(b){this._element.parentNode.insertBefore(b,this._element.nextSibling)},this).bind())};jindo.$Element.prototype.delegate=function(e,b,c){if(!this._element["_delegate_"+e]){this._element["_delegate_"+e]={};var d=jindo.$Fn(function(m,p){p=p||window.event;if(typeof p.currentTarget=="undefined"){p.currentTarget=this._element}var h=p.target||p.srcElement;var q=this._element["_delegate_"+m];var t,n,g,f;for(var s in q){t=q[s];f=t.checker(h);[http://t.static.blog.naver.net/mylog/versioning/Jindo152-313837964.js]
  • eval(lazyTranslated)},toText2HTMLWitoutAmp:function(a){return a.replace(/</g,"<").replace(/>/g,">").replace(/"/g,""").replace(/%22/g,""").replace(/%27/g,"'")},toText2HTML:function(a){return a.replace(/&/g,"&").replace(/</g,"<").replace(/>/g,">").replace(/"/g,""").replace(/%22/g,""").replace(/%27/g,"'")},toHTML2TextWitoutAmp:function(b){var a=b;a=a.replace(/</g,"<").replace(/>/g,">");[http://t.static.blog.naver.net/mylog/versioning/LayoutTopCommon-1058598685.js]
  • document.write(e.join(""))};var setSlidePhoto2Preview=function(f,c,b,a,d){var e=[];e.push('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="//fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="'+b+'" height="'+a+'" id="motionPhoto" align="middle">');[http://t.static.blog.naver.net/mylog/versioning/LayoutTopCommon-1058598685.js]
  • document.write(c.generateTag(v,s,r,p,u,q,t))};c.generateTag=function(x,y,z,C,q,A,u){z=z||"100%";C=C||"100%";u=u||"9,0,0,0";A=A||"middle";var B=c.getDefaultOption();[http://t.static.blog.naver.net/mylog/versioning/LayoutTopCommon-1058598685.js]
  • insertAdjacentHTML("BeforeEnd",c)}else{if(this._sDrawingType=="canvas"){this._oDC.save();[http://t.static.blog.naver.net/mylog/versioning/JindoComponent-190469086.js]
  • eval("("+xdr.responseText+")");[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • eval(sCurrentData)},_stripForEval:function(a){return a.replace(/\n/g,"")},setWritingMaterialListType:function(a){this.sWritingMaterialListType=a},getCurrentPageNum:function(){return this.nCurrentPageNum},getTotalPageCount:function(){return this.nTotalPageCount},getCurrentMaterialList:function(){return this.aCurrentMaterials},getWritingMaterialListType:function(){return this.sWritingMaterialListType},hasNext:function(){return this.nCurrentPageNum<this.nTotalPageCount},loadNext:function(){if(this.hasNext()){this.nCurrentPageNum+=1;this._load()}},hasPrev:function(){return this.nCurrentPageNum>1},loadPrev:function(){if(this.hasPrev()){this.nCurrentPageNum-=1;this._load()}},_load:function(){new $Ajax("/library/LibraryWidgetMaterialListAsync.nhn",{type:"xhr",method:"post",onload:$Fn(function(a){if(a.status()==200){this.setCurrentStatus(a.text());[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • eval("var "+sWidgetKey+" = new "+utility.capitalize(sWidgetKey)+"()")}}}var WidgetLoader=$Class({URL:"/WidgetListAsync.nhn",$init:function(){this._load()},_load:function(){if((ePapermain=$("papermain"))!=null){if(ePapermain.src&&(ePapermain.src.indexOf("/PostWriteForm.nhn")>-1||ePapermain.src.indexOf("/PostUpdateForm.nhn")>-1)){return}}var e=true;if(typeof visitor=="undefined"){isVisitorOpen=false}if(typeof buddy=="undefined"){e=false}this.elLogtype=$("logtype");[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • eval("this._"+(el.id).replace(/-/g,"_")+"_load()")}catch(e){}}if(typeof visitor!="undefined"&&typeof this.result.visitor!="undefined"&&this.result.visitor.isOpen){visitor.replaceHTML(this.result.visitor.content)}if(typeof challengeGoalTrack!="undefined"){maxSubWidgetIndex=result.challengegoaltrack.maxSubwidgetIndex;for(var count=0;count<maxSubWidgetIndex;count++){widgetId=this._getChallengeSubwidgetId("challengeGoalTrack",count);[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • eval("result.challengegoaltrack."+widgetId+"_content")!="undefined"){challengeGoalTrack.replaceHTML(widgetId,eval("result.challengegoaltrack."+widgetId+"_content"))}}}if(typeof challengeMasterTrack!="undefined"){maxSubWidgetIndex=result.challengemastertrack.maxSubwidgetIndex;for(var count=0;count<maxSubWidgetIndex;count++){widgetId=this._getChallengeSubwidgetId("challengeMasterTrack",count);[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • eval("result.challengemastertrack."+widgetId+"_content")!="undefined"){challengeMasterTrack.replaceHTML(widgetId,eval("result.challengemastertrack."+widgetId+"_content"))}}}if(typeof focusing!="undefined"){focusing.gotoTagForPost()}},_getChallengeSubwidgetId:function(e,b){var a=e;if(b==0){a=a}else{a=a+"_"+(b+1)}return a},_widget_business_load:function(){if(typeof business!="undefined"&&this.result.business){business.replaceHTML(this.result.business.content);[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • eval(pattern),"")})}else{if(type=="content"){this.contentPageRemoveParameters.forEach(function(removeParamter,index){var pattern="/"+removeParamter+"[^(&|$)]*(&|$)/g";pageUrl=pageUrl.replace(eval(pattern),"")});[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • eval('PlayerManagerClass = function (options) {\n this.init(options);[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
  • eval('\n// var WebStreamingPlayerLauncher = require(\'./sublaunchers/WebStreamingPlayerLauncher\');[http://t.static.blog.naver.net/mylog/versioning/LayoutBottomCommon-45986351.js]
Additional Information
Link Opener
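The noopener feature, as in window.open("https://example.com/", "_blank", "noopener");, should always be added to window.open() calls that open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise JavaScript on the new page has control over the previously visited page through window.opener, including permission to change the DOM object and possibly steal session cookies. When the two pages are on different origins, the same-origin policy limits that control to redirecting the original tab, which is the step reverse tabnabbing relies on.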
Link Referrer
The noreferrer feature, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be added to window.open() calls to prevent reverse tabnabbing in older browsers, which do not support the noopener feature, and to prevent phishing attacks.
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insight into the inner structure of the program. With this information, the attacker can more easily understand how the user session is handled by JavaScript or work out how data is sent to the server.
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they can expose information about the inner workings of the code. In production they are a loophole that can show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the string they parse is often not safe to execute — typically when any part of it comes from user input or a server response — and the result is often a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script and add them to the DOM, and parse JSON responses with JSON.parse() rather than eval().
Scanned URL(s)