
Security Report Summary
E
Site:
Scanned Site(s):
1
IP Address:
13.115.18.61
Report Time:
22 Oct 2020 00:18:13 UTC
Checks:
Window Referrer
Window Opener
Comments
Enabled Debugging
Unsafe Functions
Warning:
Please have a look at the security issues / warnings in the report.
Security Issues
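Window Referrer
Each entry below is a window.open() call found in the listed script; none of the feature strings visible here includes `noopener` or `noreferrer`. When the opened page is on another origin, it receives a `window.opener` reference to this page and, subject to the referrer policy, this page's URL in the Referer header. Several calls keep the returned window handle to exchange messages with the popup (for example the `createForWindow` calls), and `noopener` makes window.open() return null, so triage each entry by where the popup navigates instead of adding the feature everywhere.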
  • window.open(panelURL, 'hatena_bookmark_panel_popup', 'width=512,height=600,menubar=no,toolbar=no,resizable=yes');[https://b.st-hatena.com/js/bookmark_button.js]
  • window.open();[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open(t,"add_star",i);[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open(t,"external_auth",(0,i.default)(r));[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open(this.state.href,"Quote.Tweet",t),!1}};e.exports=a},function(e,t,n){n(21),n(23);[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open("",o,(0,r.default)(i));[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open(n,"login",(0,i.default)(e))},l.prototype.toggleState=function(){this.user.isSubscribing?(this.unsubscribe(),l.setSubscription(this.blog.blogUrl,!1)):(this.subscribe(),l.setSubscription(this.blog.blogUrl,!0))},l.setSubscription=function(e,t){var n=JSON.parse(window.localStorage.getItem("subscription"));[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open("","subscribe",(0,a.default)(t)),r=d.createForWindow(n,e),i=this;r.addEventListener("done",(function(){i.toggleState(),o()}));[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open("","comment",n),i=Messenger.createForWindow(r,e);[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open("","delete_comment",n),o=Messenger.createForWindow(i,e),a=function(){o.destroy(),i.close()};o.addEventListener("delete",(function(){t()})),o.addEventListener("close",a),(0,r.default)(document.body).one("focus",a)},renderIframe:function(e,t,n){var a=(0,r.default)(('\n <div class="hatena-iframe-container">\n <div class="loading" style="display: none;">\n <img src="'+o.staticUrl("/images/loading.gif")+'" class="loading-spinner" alt="loading"/>\n '+i.default.text("loading")+'\n </div>\n <iframe frameborder="0"></iframe>\n </div>\n ').trim()).appendTo(document.body);[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open("","hatena-preview-new-window",n),l((function(){return e.previewWindow&&e.previewWindow.closed}),(function(){return e.updateWindowMode()})),this.$closeWindowButton.on("click",(function(){e.previewWindow&&e.previewWindow.close()})),this.updateWindowMode()},t.previewInWindow=function(){this.isOpeningWindow()||this.openPreviewWindow(),this.appendPreviewHTML("hatena-preview-new-window"),this.previewWindow&&this.previewWindow.focus()},t.previewInIframe=function(){this.$wrapper.toggleClass("is-device-touch","touch"===this.device||"amp"===this.device),this.appendPreviewHTML("hatena-preview-iframe")},t.closePreviewWindow=function(){this.isOpeningWindow()&&this.previewWindow&&this.previewWindow.close()},t.updateWindowMode=function(){var e=this.isOpeningWindow();[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open((0,i.default)("admin-domain")+"/-/config/external")})),this.$el.on("click",".js-skip-button",(function(){return t.$el.find(".js-non-display-checkbox").prop("checked")&&t.modal.setModalDisabled(),t.hideModal(),!1}))}var t=e.prototype;return t.showModal=function(){o.show(this.$el,{center:1,showBackground:!0})},t.hideModal=function(){o.hide(this.$el)},e}();[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open(this.url,"share_window",(0,i.default)({width:this.width,height:this.height,left:this.left,top:this.top,scrollbars:"yes"}))},e}();[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open(i,"t","toolbar=0,resizable=0,status=1,width=450,height=430")||(location.href=i)};return/Firefox/.test(navigator.userAgent)?setTimeout(o,0):o(),!1}))}};e.exports=i},function(e,t,n){var r=n(20),i=n(80),o=n(49),a=n(210),s={init:function(){i.setup();[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • window.open("","comment"),r=s.default.createForWindow(n,t);[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
Warnings
Comments
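Comments should be removed from the public code of a web application, since they can give an attacker critical insights into the inner structure of the program. Using this information, the attacker could more easily understand how the user session is handled by JavaScript or figure out the path by which data is sent to the server. Not every entry below carries that risk: licence and copyright banners (`/*! ... */`) are normally required by the library's licence, and a few entries appear to be fragments of minified code where the scanner matched `/*` inside a string or regular-expression literal rather than a real comment. When reviewing the list, look for internal URLs, credentials, commented-out code and build identifiers, and treat library version banners as a reminder to keep those dependencies patched.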
  • /*! License information is available at valve.licenses.txt */[https://cdn.pool.st-hatena.com/valve/valve.js]
  • /*! 674c77b released at 10/14/2020, 6:41:14 AM UTC */[https://cdn.pool.st-hatena.com/valve/valve.js]
  • /** @license MIT* Fun Hooks v0.9.8* (c) @snapwich*/[https://cdn.pool.st-hatena.com/valve/valve.js]
  • /*! * @overview es6-promise - a tiny implementation of Promises/A+. * @copyright Copyright (c) 2014 Yehuda Katz, Tom Dale, Stefan Penner and contributors (Conversion to ES6 API by Jake Archibald) * @license Licensed under MIT license * See https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE * @version v4.2.8+1e68dce6 */[https://cdn.pool.st-hatena.com/valve/valve.js]
  • /* Ten */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Class */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /*// Basic Ten Classes*/[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Function */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Array */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.JSONP */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.XHR */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Observer */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Event */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.EventDispatcher */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.DOM */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Element */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Cookie */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Selector */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.SelectorNode */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten._Selector */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten._SelectorNode */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.querySelector */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Color */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Style */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Geometry */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Position */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Logger */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* DEPRECATED: Ten.Browser */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Gecko */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Presto */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Android smartphones */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* iPhone and iPod touch */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Touch small devices */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /*// require Ten.js*/[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.SubWindow */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Draggable */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /*// require Ten.js*/[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Ten.Highlight */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /*// require Ten.js*/[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.User */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /*// require Ten.js// require Ten/SubWindow.js// require Ten/Highlight.js// require Hatena.js*/[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /*// Hatena.Star.* classes //*/[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.User */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.Entry */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.Button */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.AddButton */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.Pallet */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.AddButton.SmartPhone */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.Pallet.SmartPhone */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.CommentButton */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.CommentButtonActive */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.Star */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.Highlight */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* from Hatena::Bookmark */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* thx id:amachang / id:Yuichirou / id:os0x */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.InnerCount */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.Comment */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.CommentDeleteButton */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.NameScreen */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.LoginWindow */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.AlertScreen */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.DeleteConfirmScreen */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.CommentScreen */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.EntryLoader */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.ConfigLoader */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.WindowObserver */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.Text */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* start */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* Hatena.Star.SiteConfig */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /* sample configuration for Hatena Diary */[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /*// Hatena.Star.SiteConfig = {// entryNodes: {// 'div.section': {// uri: 'h3 a',// title: 'h3',// container: 'h3'// }// }// };*/[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /*=head1 NAMEHatenaStar.js - Make your blog more fun!=head1 SYNOPSISIn your blog header or body, <script type="text/javascript" src="http://s.hatena.com/js/HatenaStar.js"></script>You may have to configure these settings for your blog if you don't usemajor blog hosting service. <script type="text/javascript" src="http://s.hatena.com/js/HatenaStar.js"></script> <script type="text/javascript> Hatena.Star.SiteConfig = { entryNodes: { 'div.entry': { uri: 'a.permalink', title: 'h3.title', container: 'h3.title' } } }; </script>You can also register your Hatena ID by adding your blog's url at http://s.hatena.com/ (English) http://s.hatena.ne.jp/ (Japanese)You can receive comments from your favorite users if you register your ID.=head1 SITE CONFIGURATIONSite configuration style changed in Sep. 2007. To configure Hatena Starfor your site, please specify your html element structure as below. <script type="text/javascript> Hatena.Star.SiteConfig = { entryNodes: { 'div.entry': { uri: 'a.permalink', title: 'h3.title', container: 'h3.title' } } }; </script>(to be continued..)=head1 CUTOMIZE IMAGESYou can customize the default image settings for your page if you want. // change the images of stars, buttons by editing your style sheets .hatena-star-add-button-image { background-image: url(http://exapmle.com/add.gif); } .hatena-star-comment-button-image { background-image: url(http://exapmle.com/comment.gif); } .hatena-star-star-image { background-image: url(http://exapmle.com/star.gif); }=head1 CHANGESPlease see E<lt>http://s.hatena.com/js/Hatena/Star/HatenaStar.ChangesE<gt>.=head1 AUTHORJunya Kondo, E<lt>http://d.hatena.ne.jp/jkondo/E<gt>Yuichi Tateno, motemen, nagayama=head1 COPYRIGHT AND LICENSECopyright (C) Hatena Inc. All Rights Reserved.This library is free software; you may redistribute it and/or modifyit under the same terms as the Perl programming language.=cut*/[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • /*! * @overview es6-promise - a tiny implementation of Promises/A+. * @copyright Copyright (c) 2014 Yehuda Katz, Tom Dale, Stefan Penner and contributors (Conversion to ES6 API by Jake Archibald) * @license Licensed under MIT license * See https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE * @version v4.2.5+7f2b526d */[https://platform.twitter.com/widgets.js]
  • /* UTF-8 でないページから読み込まれても動くように、 * コメントは複数行コメント (閉じる "*" の前にスペースを置く) を使い、 * 文字列リテラル中の ASCII 外の文字は \uXXXX とエスケープする。 */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* Safari は location.href でパス中の URI エスケープを * デコードしてしまうので、document.URL も調べてみる */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* 一部の IE8 でのクラッシュ対策 * cf: http://vividcode.hatenablog.com/entry/ie/ie8_posmes_crash */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* WebKit ではフレームごとに別の名前をつける必要あり */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* http://en.wikipedia.org/wiki/Fowler%E2%80%93Noll%E2%80%93Vo_hash_function */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* "#" だとページ最上部へのスクロールが発生するので "#_" で */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* WindowMessenger implementation with fragment identifier */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* Welcome to Shibuya.js! */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* IE で href プロパティが絶対 URL に解決されないことがある */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* リンクの内容が画像ひとつのみならその画像を基準にパネルを表示 */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* var frameTitle = (this.title ? '『' + this.title + '』' : 'このエントリー') + 'をはてなブックマークに追加'; */[https://b.st-hatena.com/js/bookmark_button.js]
  • /* frame からのメッセージ受信失敗時の保険 */[https://b.st-hatena.com/js/bookmark_button.js]
  • /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */[https://cdn.blog.st-hatena.com/js/external/jquery.min.js?version=1.12.3]
  • /* Javascript plotting library for jQuery, version 0.8.3.Copyright (c) 2007-2014 IOLA and Ole Laursen.Licensed under the MIT license.*/[https://cdn.blog.st-hatena.com/js/external/jquery.flot.js?version=0.8.3]
  • /* Plugin for jQuery for working with colors. * * Version 1.1. * * Inspiration from jQuery color animation plugin by John Resig. * * Released under the MIT license by Ole Laursen, October 2009. * * Examples: * * $.color.parse("#fff").scale('rgb', 0.25).add('a', -0.5).toString() * var c = $.color.extract($("#mydiv"), 'background-color'); * console.log(c.r, c.g, c.b, c.a); * $.color.make(100, 50, 25, 0.4).toString() // returns "rgba(100,50,25,0.4)" * * Note that .scale() and .add() return the same modified object * instead of making a new one. * * V. 1.1: Fix error handling so e.g. parsing an empty string does * produce a color rather than just crashing. */[https://cdn.blog.st-hatena.com/js/external/jquery.flot.js?version=0.8.3]
  • /* Pretty handling of time axes.Copyright (c) 2007-2014 IOLA and Ole Laursen.Licensed under the MIT license.Set axis.mode to "time" to enable. See the section "Time series data" inAPI.txt for details.*/[https://cdn.blog.st-hatena.com/js/external/jquery.flot.time.js?version=0.8.3]
  • /*! *****************************************************************************Copyright (c) Microsoft Corporation.Permission to use, copy, modify, and/or distribute this software for anypurpose with or without fee is hereby granted.THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITHREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITYAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROMLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OROTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE ORPERFORMANCE OF THIS SOFTWARE.***************************************************************************** */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /** * Copyright (c) 2014-present, Facebook, Inc. * * This source code is licensed under the MIT license found in the * LICENSE file in the root directory of this source tree. */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /*" namespace. They are considered private. Instead, you must return the current state for any unknown actions, unless it is undefined, in which case you must return the initial state, regardless of the action type. The initial state may not be undefined, but can be null.')}))}(n)}catch(e){a=e}return function(e,t){if(void 0===e&&(e={}),a)throw a;for(var r=!1,o={},i=0;i<u.length;i++){var c=u[i],l=n[c],f=e[c],d=l(f,t);if(void 0===d){var h=s(c,t);throw new Error(h)}o[c]=d,r=r||d!==f}return(r=r||u.length!==Object.keys(e).length)?o:e}}function l(e,t){return function(){return t(e.apply(this,arguments))}}function f(e,t){if("function"==typeof e)return l(e,t);if("object"!=typeof e||null===e)throw new Error("bindActionCreators expected an object or a function, instead received "+(null===e?"null":typeof e)+'. Did you write "import ActionCreators from" instead of "import * as ActionCreators from"?');var n={};for(var r in e){var o=e[r];"function"==typeof o&&(n[r]=l(o,t))}return n}function d(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function h(e,t){var n=Object.keys(e);return Object.getOwnPropertySymbols&&n.push.apply(n,Object.getOwnPropertySymbols(e)),t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n}function p(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?h(n,!0).forEach((function(t){d(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):h(n).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function m(){for(var e=arguments.length,t=new Array(e),n=0;n<e;n++)t[n]=arguments[n];return 0===t.length?function(e){return e}:1===t.length?t[0]:t.reduce((function(e,t){return function(){return e(t.apply(void 0,arguments))}}))}function v(){for(var e=arguments.length,t=new Array(e),n=0;n<e;n++)t[n]=arguments[n];return function(e){return 
function(){var n=e.apply(void 0,arguments),r=function(){throw new Error("Dispatching while constructing your middleware is not allowed. Other middleware would not be applied to this dispatch.")},o={getState:n.getState,dispatch:function(){return r.apply(void 0,arguments)}},i=t.map((function(e){return e(o)}));return p({},n,{dispatch:r=m.apply(void 0,i)(n.dispatch)})}}}},function(e,t,n){"use strict";(function(e,r,o){n.d(t,"c",(function(){return s})),n.d(t,"a",(function(){return c})),n.d(t,"d",(function(){return l})),n.d(t,"e",(function(){return v})),n.d(t,"b",(function(){return g}));var i=n(59);n(117);function a(){return"[object process]"===Object.prototype.toString.call(void 0!==e?e:0)}var u={};function s(){return a()?r:"undefined"!=typeof window?window:"undefined"!=typeof self?self:u}function c(e){var t=s();if(!("console"in t))return e();var n=t.console,r={};["debug","info","warn","error","log","assert"].forEach((function(e){e in t.console&&n[e].__sentry_original__&&(r[e]=n[e],n[e]=n[e].__sentry_original__)}));var o=e();return Object.keys(r).forEach((function(e){n[e]=r[e]})),o}function l(e){try{for(var t=e,n=[],r=0,o=0,i=" > ".length,a=void 0;t&&r++<5&&!("html"===(a=f(t))||r>1&&o+n.length*i+a.length>=80);)n.push(a),o+=a.length,t=t.parentNode;return n.reverse().join(" > ")}catch(e){return"<unknown>"}}function f(e){var t,n,r,o,a,u=e,s=[];if(!u||!u.tagName)return"";if(s.push(u.tagName.toLowerCase()),u.id&&s.push("#"+u.id),(t=u.className)&&Object(i.h)(t))for(n=t.split(/\s+/),a=0;a<n.length;a++)s.push("."+n[a]);var c=["type","name","title","alt"];for(a=0;a<c.length;a++)r=c[a],(o=u.getAttribute(r))&&s.push("["+r+'="'+o+'"]');return s.join("")}var d=Date.now(),h=0,p={now:function(){var e=Date.now()-d;return e<h&&(e=h),h=e,e},timeOrigin:d},m=function(){if(a())try{return(e="perf_hooks",o.require(e)).performance}catch(e){return p}var e,t=s().performance;return t&&t.now?(void 0===t.timeOrigin&&(t.timeOrigin=t.timing&&t.timing.navigationStart||d),t):p}();function 
v(){return(m.timeOrigin+m.now())/1e3}function g(e){try{return e&&"function"==typeof e&&e.name||"<anonymous>"}catch(e){return"<anonymous>"}}}).call(this,n(139),n(95),n(167)(e))},function(e,t,n){var r=n(122),o=Math.min;e.exports=function(e){return e>0?o(r(e),9007199254740991):0}},function(e,t,n){var r=n(35),o=n(79),i=n(51),a=n(186),u=n(188),s=n(86),c=s.get,l=s.enforce,f=String(String).split("String");(e.exports=function(e,t,n,u){var s=!!u&&!!u.unsafe,c=!!u&&!!u.enumerable,d=!!u&&!!u.noTargetGet;"function"==typeof n&&("string"!=typeof t||i(n,"name")||o(n,"name",t),l(n).source=f.join("string"==typeof t?t:"")),e!==r?(s?!d&&e[t]&&(c=!0):delete e[t],c?e[t]=n:o(e,t,n)):c?e[t]=n:a(t,n)})(Function.prototype,"toString",(function(){return"function"==typeof this&&c(this).source||u(this)}))},function(e,t){e.exports=function(e){if(null==e)throw TypeError("Can't call method on "+e);return e}},function(e,t,n){"use strict";var r=n(271),o=Object.prototype.toString;function i(e){return"[object Array]"===o.call(e)}function a(e){return void 0===e}function u(e){return null!==e&&"object"==typeof e}function s(e){return"[object Function]"===o.call(e)}function c(e,t){if(null!=e)if("object"!=typeof e&&(e=[e]),i(e))for(var n=0,r=e.length;n<r;n++)t.call(null,e[n],n,e);else for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.call(null,e[o],o,e)}e.exports={isArray:i,isArrayBuffer:function(e){return"[object ArrayBuffer]"===o.call(e)},isBuffer:function(e){return null!==e&&!a(e)&&null!==e.constructor&&!a(e.constructor)&&"function"==typeof e.constructor.isBuffer&&e.constructor.isBuffer(e)},isFormData:function(e){return"undefined"!=typeof FormData&&e instanceof FormData},isArrayBufferView:function(e){return"undefined"!=typeof ArrayBuffer&&ArrayBuffer.isView?ArrayBuffer.isView(e):e&&e.buffer&&e.buffer instanceof ArrayBuffer},isString:function(e){return"string"==typeof e},isNumber:function(e){return"number"==typeof e},isObject:u,isUndefined:a,isDate:function(e){return"[object 
Date]"===o.call(e)},isFile:function(e){return"[object File]"===o.call(e)},isBlob:function(e){return"[object Blob]"===o.call(e)},isFunction:s,isStream:function(e){return u(e)&&s(e.pipe)},isURLSearchParams:function(e){return"undefined"!=typeof URLSearchParams&&e instanceof URLSearchParams},isStandardBrowserEnv:function(){return("undefined"==typeof navigator||"ReactNative"!==navigator.product&&"NativeScript"!==navigator.product&&"NS"!==navigator.product)&&("undefined"!=typeof window&&"undefined"!=typeof document)},forEach:c,merge:function e(){var t={};function n(n,r){"object"==typeof t[r]&&"object"==typeof n?t[r]=e(t[r],n):t[r]=n}for(var r=0,o=arguments.length;r<o;r++)c(arguments[r],n);return t},deepMerge:function e(){var t={};function n(n,r){"object"==typeof t[r]&&"object"==typeof n?t[r]=e(t[r],n):t[r]="object"==typeof n?e({},n):n}for(var r=0,o=arguments.length;r<o;r++)c(arguments[r],n);return t},extend:function(e,t,n){return c(t,(function(t,o){e[o]=n&&"function"==typeof t?r(t,n):t})),e},trim:function(e){return e.replace(/^\s*/[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /* "+this._i+" */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /** * Copyright (c) 2013-present, Facebook, Inc. * * This source code is licensed under the MIT license found in the * LICENSE file in the root directory of this source tree. */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /** * https://github.com/cho45/micro-location.js * (c) cho45 http://cho45.github.com/mit-license */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /* * Copyright 2011 Mozilla Foundation and contributors * Licensed under the New BSD license. See LICENSE or: * http://opensource.org/licenses/BSD-3-Clause */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /*$/))return t;++n}return Array(n+1).join("../")+t.substr(e.length+1)};var u=!("__proto__"in Object.create(null));function s(e){return e}function c(e){if(!e)return!1;var t=e.length;if(t<9)return!1;if(95!==e.charCodeAt(t-1)||95!==e.charCodeAt(t-2)||111!==e.charCodeAt(t-3)||116!==e.charCodeAt(t-4)||111!==e.charCodeAt(t-5)||114!==e.charCodeAt(t-6)||112!==e.charCodeAt(t-7)||95!==e.charCodeAt(t-8)||95!==e.charCodeAt(t-9))return!1;for(var n=t-10;n>=0;n--)if(36!==e.charCodeAt(n))return!1;return!0}function l(e,t){return e===t?0:e>t?1:-1}t.toSetString=u?s:function(e){return c(e)?"$"+e:e},t.fromSetString=u?s:function(e){return c(e)?e.slice(1):e},t.compareByOriginalPositions=function(e,t,n){var r=e.source-t.source;return 0!==r||0!==(r=e.originalLine-t.originalLine)||0!==(r=e.originalColumn-t.originalColumn)||n||0!==(r=e.generatedColumn-t.generatedColumn)||0!==(r=e.generatedLine-t.generatedLine)?r:e.name-t.name},t.compareByGeneratedPositionsDeflated=function(e,t,n){var r=e.generatedLine-t.generatedLine;return 0!==r||0!==(r=e.generatedColumn-t.generatedColumn)||n||0!==(r=e.source-t.source)||0!==(r=e.originalLine-t.originalLine)||0!==(r=e.originalColumn-t.originalColumn)?r:e.name-t.name},t.compareByGeneratedPositionsInflated=function(e,t){var n=e.generatedLine-t.generatedLine;return 0!==n||0!==(n=e.generatedColumn-t.generatedColumn)||0!==(n=l(e.source,t.source))||0!==(n=e.originalLine-t.originalLine)||0!==(n=e.originalColumn-t.originalColumn)?n:l(e.name,t.name)}},function(e,t,n){var r=n(244),o=n(191);e.exports=Object.keys||function(e){return r(e,o)}},function(e,t){e.exports=function(e,t,n){if(!(e instanceof t))throw TypeError("Incorrect "+(n?n+" ":"")+"invocation");return e}},function(e,t){e.exports={}},function(e,t,n){n(9),n(22),n(17),n(52),t.__esModule=!0,t.default=void 0;var r=function(e){for(var t={},n=e.split("&"),r=n.length,o=0;o<r;o++)if(n[o].match(/[=]/)){var i=n[o].split("="),a=decodeURIComponent(i[0]),u=i[1].replace(/\+/g," 
");t[a]||(t[a]=[]),t[a].push(decodeURIComponent(u))}return t};t.default=r},,function(e,t,n){"use strict";var r=n(24),o=n(97).some,i=n(124),a=n(68),u=i("some"),s=a("some");r({target:"Array",proto:!0,forced:!u||!s},{some:function(e){return o(this,e,arguments.length>1?arguments[1]:void 0)}})},,,,function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var r,o=n(585),i=(r=o)&&r.__esModule?r:{default:r};t.default=i.default,e.exports=t.default},,,function(e,t,n){n(34),n(9),n(17),t.__esModule=!0,t.trimString=void 0;t.trimString=function(e,t){var n=e.replace(/\s+/g," ");return n.length>t?n.slice(0,t-1).replace(/[\uD800-\uDBFF]$/,"")+"…":n}},,function(e,t,n){e.exports=n(455)},function(e,t,n){"use strict";n.d(t,"a",(function(){return i}));var r,o=n(43);!function(e){e.PENDING="PENDING",e.RESOLVED="RESOLVED",e.REJECTED="REJECTED"}(r||(r={}));var i=function(){function e(e){var t=this;this._state=r.PENDING,this._handlers=[],this._resolve=function(e){t._setResult(r.RESOLVED,e)},this._reject=function(e){t._setResult(r.REJECTED,e)},this._setResult=function(e,n){t._state===r.PENDING&&(Object(o.m)(n)?n.then(t._resolve,t._reject):(t._state=e,t._value=n,t._executeHandlers()))},this._attachHandler=function(e){t._handlers=t._handlers.concat(e),t._executeHandlers()},this._executeHandlers=function(){t._state!==r.PENDING&&(t._state===r.REJECTED?t._handlers.forEach((function(e){e.onrejected&&e.onrejected(t._value)})):t._handlers.forEach((function(e){e.onfulfilled&&e.onfulfilled(t._value)})),t._handlers=[])};try{e(this._resolve,this._reject)}catch(e){this._reject(e)}}return e.prototype.toString=function(){return"[object SyncPromise]"},e.resolve=function(t){return new e((function(e){e(t)}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.all=function(t){return new e((function(n,r){if(Array.isArray(t))if(0!==t.length){var o=t.length,i=[];t.forEach((function(t,a){e.resolve(t).then((function(e){i[a]=e,0===(o-=1)&&n(i)})).then(null,r)}))}else n([]);else r(new 
TypeError("Promise.all requires an array as input."))}))},e.prototype.then=function(t,n){var r=this;return new e((function(e,o){r._attachHandler({onfulfilled:function(n){if(t)try{return void e(t(n))}catch(e){return void o(e)}else e(n)},onrejected:function(t){if(n)try{return void e(n(t))}catch(e){return void o(e)}else o(t)}})}))},e.prototype.catch=function(e){return this.then((function(e){return e}),e)},e.prototype.finally=function(t){var n=this;return new e((function(e,r){var o,i;return n.then((function(e){i=!1,o=e,t&&t()}),(function(e){i=!0,o=e,t&&t()})).then((function(){i?r(o):e(o)}))}))},e}()},function(e,t,n){var r=n(36),o=n(107),i=n(58),a=r("unscopables"),u=Array.prototype;null==u[a]&&i.f(u,a,{configurable:!0,value:o(null)}),e.exports=function(e){u[a][e]=!0}},,function(e,t){var n=0,r=Math.random();e.exports=function(e){return"Symbol("+String(void 0===e?"":e)+")_"+(++n+r).toString(36)}},function(e,t,n){var r=n(185),o=n(159),i=r("keys");e.exports=function(e){return i[e]||(i[e]=o(e))}},function(e,t,n){"use strict";var r={}.propertyIsEnumerable,o=Object.getOwnPropertyDescriptor,i=o&&!r.call({1:2},1);t.f=i?function(e){var t=o(this,e);return!!t&&t.enumerable}:r},function(e,t,n){"use strict";var r,o,i=n(193),a=n(245),u=RegExp.prototype.exec,s=String.prototype.replace,c=u,l=(r=/a/,o=/b*/[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /*! * JavaScript Cookie v2.1.4 * https://github.com/js-cookie/js-cookie * * Copyright 2006, 2015 Klaus Hartl & Fagner Brack * Released under the MIT license */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /** * Copyright 2015, Yahoo! Inc. * Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /* * Copyright 2011 Mozilla Foundation and contributors * Licensed under the New BSD license. See LICENSE or: * http://opensource.org/licenses/BSD-3-Clause */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /* * Copyright 2011 Mozilla Foundation and contributors * Licensed under the New BSD license. See LICENSE or: * http://opensource.org/licenses/BSD-3-Clause * * Based on the Base 64 VLQ implementation in Closure Compiler: * https://code.google.com/p/closure-compiler/source/browse/trunk/src/com/google/debugging/sourcemap/Base64VLQ.java * * Copyright 2011 The Closure Compiler Authors. All rights reserved. * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of Google Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /* * Copyright 2011 Mozilla Foundation and contributors * Licensed under the New BSD license. See LICENSE or: * http://opensource.org/licenses/BSD-3-Clause */[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /*object-assign(c) Sindre Sorhus@license MIT*/[https://cdn.blog.st-hatena.com/js/vendor.js?version=fef36b58fdf1f97588f50a0cf1c7b72b93cf2eda&env=production]
  • /* <system section="'+e+'" selected="'+t.selected+'"> */[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • /* </system> */[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
  • /* PLEASE DO NOT COPY AND PASTE THIS CODE. */[https://www.google.com/recaptcha/api.js]
  • /*! License information is available at dmp.licenses.txt */[https://cdn.pool.st-hatena.com/valve/dmp.js]
  • /*! 674c77b released at 10/14/2020, 6:41:14 AM UTC */[https://cdn.pool.st-hatena.com/valve/dmp.js]
  • /*! * @overview es6-promise - a tiny implementation of Promises/A+. * @copyright Copyright (c) 2014 Yehuda Katz, Tom Dale, Stefan Penner and contributors (Conversion to ES6 API by Jake Archibald) * @license Licensed under MIT license * See https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE * @version v4.2.8+1e68dce6 */[https://cdn.pool.st-hatena.com/valve/dmp.js]
Enabled Debugging
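The JavaScript debugging functions should always be removed after the development stage, because they can expose information about the inner workings of the code. In production, this is a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables. Some of the calls listed below are guarded by a flag (for example this.enabled or config.debug) and only log when that flag is set, so for those the point to verify is how the flag is set in production.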
  • console.log(this.tag+" "+this.ensureStringMessage(e))},e.prototype.warn=function(e){this.enabled&&console.warn(this.tag+" "+this.ensureStringMessage(e))},e.prototype.error=function(e){this.enabled&&console.error(this.tag+" "+this.ensureStringMessage(e))},e.prototype.ensureStringMessage=function(e){return"function"==typeof e?e():e instanceof Error?e.toString():e},e.prototype.lognow=function(e){if(this.enabled){var t=this.usePerformanceNow?performance.now():"<none>";console.log(this.tag+" "+this.ensureStringMessage(e)+" at "+t)}},e.prototype.time=function(e){this.enabled&&(this.timers[e]=Date.now())},e.prototype.timeEnd=function(e){if(this.enabled&&this.timers[e]){var t=Date.now()-this.timers[e];console.log(this.tag+" "+e+" taken "+t.toString()+" ms"),delete this.timers[e]}},e}();[https://cdn.pool.st-hatena.com/valve/valve.js]
  • console.log('Audience Network [").concat(e,"] ad loaded');[https://cdn.pool.st-hatena.com/valve/valve.js]
  • console.log('Audience Network [").concat(e,"] error (' + errorCode + ') ' + errorMessage);[https://cdn.pool.st-hatena.com/valve/valve.js]
  • console.log(args.join(', '));[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • console.log((new Date()).getTime() - time + 'msec');[https://s.hatena.ne.jp/js/HatenaStar.js?20191001]
  • console.log("ValveDMP: IntimateMerger login beacon requested")),u.appendScript("//dmp.im-apps.net/js/6604/0001/itm.js").then((function(){t.config.debug&&console.log("ValveDMP: IntimateMerger inserted")})).catch((function(e){t.config.debug&&console.error(e)}))},t}();[https://cdn.pool.st-hatena.com/valve/dmp.js]
  • console.log("ValveDMP: "+this.platform+" <- [ "+t.map((function(t){return t.parameter})).join(", ")+" ]")},t}();[https://cdn.pool.st-hatena.com/valve/dmp.js]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. The risk arises when the string contains data that the site does not fully control. Instead of these functions, create HTML elements by script and add them to the DOM; use JSON.parse() rather than eval() to read JSON, and textContent rather than innerHTML to insert plain text.
  • document.write(e),t.contentWindow.document.close()}}function ve(e,t){var n=A.createTrackPixelIframeHtml(e,!1,"allow-scripts allow-same-origin"),r=document.createElement("div");[https://cdn.pool.st-hatena.com/valve/valve.js]
  • document.write("");[https://platform.twitter.com/widgets.js]
  • eval('(' + json + ')');[https://b.st-hatena.com/js/bookmark_button.js]
  • insertAdjacentHTML("beforeend",u),this.element.classList.add("is-uploading")}else this.element.classList.remove("is-uploading")},t.listenTo=function(e,t,n){var r=this;this.isUploading=!0;var o=0,a=0,s=function(e){r.barWidth=Math.min(e,100)+"%",r.percent=i.default.text("uploading"),r.render()};e.on("error",(function(e){clearInterval(o),r.element.parentNode&&r.element.parentNode.removeChild(r.element),t.emit("error",e)})),e.on("disk_full",(function(e){clearInterval(o),r.element.parentNode&&r.element.parentNode.removeChild(r.element),t.emit("disk_full",e)})),e.on("progress",(function(e){var t=.9*e.percent;100===e.percent?(clearInterval(o),o=window.setInterval((function(){s(t+(a+=.1))}),100)):s(t)})),e.on("success",(function(e){clearInterval(o),r.isUploading=!1,r.image=e.image,r.attributes=n(e),r.render(),t.emit("success",e)}))},e}();[https://cdn.blog.st-hatena.com/js/hatenablog.js?version=d44b1a9b70a9f58b34a3bb2fadac36cb7df09ee1&env=production]
Additional Information
Link Opener
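The noopener feature, as in window.open("https://example.com/", "_blank", "noopener");, should always be passed to any window.open() call that opens a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise JavaScript on the new page keeps control over the previously visited page through window.opener, including permission to change the DOM object and possibly steal session cookies. When the opened page is on a different origin, the same-origin policy limits this to navigating the opener to another URL (the usual reverse-tabnabbing case); DOM access requires the opened page to be same-origin, and cookies marked HttpOnly cannot be read from script.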
Link Referrer
The noreferrer feature, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be passed to the window.open() function to prevent reverse tabnabbing in older browsers that do not support the noopener feature, and to prevent phishing attacks. It also stops the Referer header from being sent to the opened page.
Comments
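Comments should be removed from the public code of a web application, since they can give an aggressor critical insights into the inner structure of the program. By using this information, the attacker could more easily understand how the user session is handled by JavaScript or figure out the pathway by which data is sent to the server. License headers, such as most of the comments listed in this report, are a different case: the licenses usually require the notice to be retained, so the review should focus on comments that describe internal logic, endpoints or credentials.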
Enabled Debugging
The JavaScript debugging functions should always be removed after the development stage, because they can expose information about the inner workings of the code. In production, this is a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. The risk arises when the string contains data that the site does not fully control. Instead of these functions, create HTML elements by script and add them to the DOM; use JSON.parse() rather than eval() to read JSON, and textContent rather than innerHTML to insert plain text.
Scanned URL(s)
Entry is not found - xwatchvn’s diary