
Security Report Summary
E
Site:
Scanned Site(s): 1
IP Address: 195.42.73.196
Report Time: 23 Jan 2021 17:54:58 UTC
Checks: Window Referrer, Window Opener, Comments, Enabled Debugging, Unsafe Functions
Warning: Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open(url, '', 'status=no,scrollbars=yes,resizable=yes,width='+width+',height='+height+',top='+Math.floor((h - height)/2-14)+',left='+Math.floor((w - width)/2-5));[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • window.open(url, '', 'status=no,scrollbars=yes,resizable=yes,width='+width+',height='+height+',top='+Math.floor((h - height)/2-14)+',left='+Math.floor((w - width)/2-5));[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • window.open(url);[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insight into the inner structure of the program. With this information, an attacker could more easily understand how the user session is handled by JavaScript or figure out how data is sent to the server.
  • /* /bitrix/js/main/core/core_tooltip.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/core/core_fx.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/core/core_dd.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/core/core_autosave.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/rating_like.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/core/core_popup.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/core/core_date.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/core/core.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/core/core_ajax.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/json/json2.min.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/core/core_ls.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/session.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/core/core_window.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/main/utils.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/core/core.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /**********************************************************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*********** Bitrix JS Core library ver 0.9.0 beta ********************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /**********************************************************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* ready */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* list of registered proxy functions */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* getElementById cache */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* List of denied event handlers */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* list of registered event handlers */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* list of registered custom events */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* list of external garbage collectors */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* list of loaded CSS files */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* list of loaded JS files */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* browser detection */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* regexps */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* OO emulation utility */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* DOM manipulation */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* CSS-notation should be used here */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* params: { tagName|tag : 'tagName', className|class : 'className', attribute : {attribute : value, attribute : value} | attribute | [attribute, attribute....], property : {prop: value, prop: value} | prop | [prop, prop] } all values can be RegExps or strings*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* events */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* custom events */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* BX.addCustomEvent(eventObject, eventName, eventHandler) - set custom event handler for particular object BX.addCustomEvent(eventName, eventHandler) - set custom event handler for all objects*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* shift parameters for short version */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* shift parameters for short version */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* shift parameters for short version */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*eventObject == window || */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* ready */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* browser detection */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* low-level fx funcitons*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* some useful util functions */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* window pos functions */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* non-xhr loadings */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /******* HINT ***************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* ready */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* \ready */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /********* Check for currently loaded core scripts ***********/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* garbage collector */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* for (i = 0, len = proxyList.length; i < len; i++) { try { delete proxyList[i]; proxyList[i] = null; } catch (e) {} }*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* \garbage collector */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/core/core_ajax.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*other parameters: url: url to get/post data: data to post onsuccess: successful request callback. BX.proxy may be used. onfailure: request failure callback. BX.proxy may be used. lsId: local storage id - for constantly updating queries which can communicate via localStorage. core_ls.js neededany of the default parameters can be overridden. defaults can be changed by BX.ajax.Setup() - for all further requests!*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* simple interface */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* load and execute external file script with onload emulation */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* non-xhr loadings */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*arObs = [{ url: url, type: html|script|json|css, callback: function}]*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* ajax form sending */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* user options handling */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/json/json2.min.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/core/core_ls.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* localStorage public interface */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* localStorage prototype */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /************** IE 7 ******************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /************** IE 8 & FF 3.6 ***************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* additional functions */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /***************** initialize *********************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/session.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/core/core_window.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* windows manager */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* base button class */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* base window class */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* dialog window class extends window class */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* standard bitrix dialog extends BX.CWindowDialog */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* arParams = { ( title: 'dialog title', head: 'head block html', content: 'dialog content', icon: 'head icon classname or filename', resize_id: 'some id to save resize information'// useless if resizable = false ) or ( content_url: url to content load loaded content scripts can use BX.WindowManager.Get() to get access to the current window object ) height: window_height_in_pixels, width: window_width_in_pixels, draggable: true|false, resizable: true|false, min_height: min_window_height_in_pixels, // useless if resizable = false min_width: min_window_width_in_pixels, // useless if resizable = false buttons: [ 'html_code', BX.CDialog.btnSave, BX.CDialog.btnCancel, BX.CDialog.btnClose ] }*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*'99% center'*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*BUTTON: { title: 'title', 'action': function executed in window object context}BX.CDialog.btnSave || BX.CDialog.btnCancel - standard buttons*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* special child for admin forms loaded into public page */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* class for dialog window with editors */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* class for wizards in admin section */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* class for auth dialog */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* MENU CLASSES */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* menu opener class */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*{ DOMNode DIV, BX.CMenu or Array MENU, TYPE = 'hover' | 'click', TIMEOUT: 1000 ATTACH_MODE: 'top' | 'right' ACTIVE_CLASS: className for opener element when menu is opened}*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* common menu class */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* if (BX.browser.IsIE() && !BX.browser.IsDoctype()) { pos.top -= 4; pos.bottom -= 4; pos.left -= 2; pos.right -= 2; }*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* components toolbar class */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*, true*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* global page opener class */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*this.isMenuVisible() || this.DIV.style.display == 'none' || */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /******* HINT ***************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*************************** admin informer **********************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/utils.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*alert("Error! jsUtils.EvalGlobal");*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /************************************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*Restrict drag*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*shadow*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /************************************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /************************************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /************************************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /************************************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/core/core_popup.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*========================================Buttons===========================================*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /************** utility *************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/core/core_date.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* PHP to Javascript: time() = new Date() mktime(...) = new Date(...) gmmktime(...) = new Date(Date.UTC(...)) mktime(0,0,0, 1, 1, 1970) != 0 new Date(1970,0,1).getTime() != 0 gmmktime(0,0,0, 1, 1, 1970) == 0 new Date(Date.UTC(1970,0,1)).getTime() == 0 date("d.m.Y H:i:s") = BX.date.format("d.m.Y H:i:s") gmdate("d.m.Y H:i:s") = BX.date.format("d.m.Y H:i:s", null, null, true); */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* 15.04.12 13:00:00 => 15.04.12 13:00 00:01:00 => 00:01 4 may 00:00:00 => 4 may 01-01-12 00:00 => 01-01-12 */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* function creates and returns Javascript Date() object from server timestamp regardless of local browser (system) timezone. For example can be used to convert timestamp from some exact date on server to the JS Date object with the same value. params: { timestamp: timestamp in seconds } */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* function transforms server timestamp (in sec) to javascript timestamp (calculated depend on local browser timezone offset). Returns timestamp in milliseconds. Also see BX.date.getNewDate description. params: { timestamp: timestamp in seconds } */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* function transforms local browser timestamp (in ms) to server timestamp (calculated depend on local browser timezone offset). Returns timestamp in seconds. params: { timestamp: timestamp in milliseconds } */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /************************************** calendar class **********************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*params: { node: bind element || document.body value - start value in site format (using 'field' param if 'value' does not exist) callback - date check handler. can return false to prevent calendar closing. callback_after - another handler, called after date picking field - field to read/write data bTime = true - whether to enable time control bHideTime = false - whether to hide time control by default currentTime - current UTC time()}*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /**************** compatibility hacks ***************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /************ clock popup transferred from timeman **************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/rating_like.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/core/core_tooltip.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*2sec*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*0.5sec*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/core/core_fx.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*options: { start: start value or {param: value, param: value} finish: finish value or {param: value, param: value} time: time to transform in seconds type: linear|accelerated|decelerated|custom func name callback, callback_start, callback_complete, step: time between steps in seconds allowFloat: false|true}*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*type rules of animation - linear - simple linear animation - accelerated - decelerated*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* params: { start_value, finish_value, current_time, total_time }*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /****************** effects realizaion ************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* type = 'fade' || 'scroll' || 'scale' || 'fold'*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*options = { delay: 100, duration : 3000, start : { scroll : document.body.scrollTop, left : 0, opacity : 100 }, finish : { scroll : document.body.scrollHeight, left : 500, opacity : 10 }, transition : BitrixAnimation.makeEaseOut(BitrixAnimation.transitions.quart), step : function(state) { document.body.scrollTop = state.scroll; button.style.left = state.left + "px"; button.style.opacity = state.opacity / 100; }, complete : function() { button.style.background = "green"; }}options ={ delay : 20, duration : 4000, transition : BXAnimation.makeEaseOut(BXAnimation.transitions.quart), progress : function(progress) { document.body.scrollTop = Math.round(topMax * progress); button.style.left = Math.round(leftMax * progress) + "px"; button.style.opacity = (100 + Math.round((opacityMin - 100) * progress)) / 100; }, complete : function() { button.style.background = "green"; }}*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/core/core_dd.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* * BX.DD.dropFiles - for html5 drag and drop files * * example: * * BX(function() { * var dropBoxNode = BX('WebDAV23'); * var dropbox = new BX.DD.dropFiles(dropBoxNode); * if (dropbox && dropbox.supported()) * { * BX.addCustomEvent(dropbox, 'dropFiles', function(files) { WDUploadDroppedFiles(files);}); * BX.addCustomEvent(dropbox, 'dragEnter', function() {BX.addClass( dropBoxNode, 'droptarget');}); * BX.addCustomEvent(dropbox, 'dragLeave', function() {BX.removeClass( dropBoxNode, 'droptarget');}); * } * }); * * to save files use BX.ajax.FormData */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /*'); this.DIV = div; this._timer = null; this._initEvents(); this._cancelLeave = function() { if (this._timer != null) { clearTimeout(this._timer); this._timer = null; } } this._prepareLeave = function() { this._cancelLeave(); this._timer = setTimeout( BX.delegate(function() { BX.onCustomEvent(this, 'dragLeave') }, this), 100); } return this; } return false;}BX.DD.dropFiles.prototype._initEvents = function(){ BX.bind(this.DIV, 'dragover', BX.proxy(this._dragOver, this)); BX.bind(this.DIV, 'dragenter', BX.proxy(this._dragEnter, this)); BX.bind(this.DIV, 'dragleave', BX.proxy(this._dragLeave, this)); BX.bind(this.DIV, 'dragexit', BX.proxy(this._dragExit, this)); BX.bind(this.DIV, 'drop', BX.proxy(this._drop, this));}BX.DD.dropFiles.prototype._dragEnter = function(e){ BX.PreventDefault(e); this._cancelLeave(); BX.onCustomEvent(this, 'dragEnter'); return true;}BX.DD.dropFiles.prototype._dragExit = function(e){ BX.PreventDefault(e); this._prepareLeave(); return false;}BX.DD.dropFiles.prototype._dragLeave = function(e){ BX.PreventDefault(e); this._prepareLeave(); return false;}BX.DD.dropFiles.prototype._dragOver = function(e){ BX.PreventDefault(e); this._cancelLeave(); return true;}BX.DD.dropFiles.prototype._drop = function(e){ BX.PreventDefault(e); var dt = e.dataTransfer; var files = dt.files; BX.onCustomEvent(this, 'dropFiles', [files]); BX.onCustomEvent(this, 'dragLeave') return false;}BX.DD.dropFiles.prototype.isEventSupported = function(event){ var div = BX.create('DIV'); var eventName = 'on'+event; var result = (eventName in div); if (!result && div.setAttribute && div.removeAttribute) { div.setAttribute(eventName, ''); result = (typeof div[eventName] === 'function'); } div = null; return result;}BX.DD.dropFiles.prototype.supported = function(){ return ( (!!window.FileReader) && this.isEventSupported('dragstart') && this.isEventSupported('drop') );}})(window)/* End 
*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* Start:/bitrix/js/main/core/core_autosave.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /******************************* AUTOSAVE *********************************/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • /* /bitrix/js/socialservices/ss.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_socialservices/kernel_socialservices.js?14114628211516]
  • /* Start:/bitrix/js/socialservices/ss.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_socialservices/kernel_socialservices.js?14114628211516]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_socialservices/kernel_socialservices.js?14114628211516]
  • /* Start:/bitrix/templates/.default/components/bitrix/menu/horizontal_multilevel1/script.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/template_78f5971173c4320ec9bc7e5ed8eb2693/template_78f5971173c4320ec9bc7e5ed8eb2693_e431101a5afe9bd26ec39bd43edade0a.js?1411462821668]
  • /* End */[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/template_78f5971173c4320ec9bc7e5ed8eb2693/template_78f5971173c4320ec9bc7e5ed8eb2693_e431101a5afe9bd26ec39bd43edade0a.js?1411462821668]
  • /* /bitrix/templates/.default/components/bitrix/menu/horizontal_multilevel1/script.js*/[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/template_78f5971173c4320ec9bc7e5ed8eb2693/template_78f5971173c4320ec9bc7e5ed8eb2693_e431101a5afe9bd26ec39bd43edade0a.js?1411462821668]
  • /*! jQuery v1.7.1 jquery.com | jquery.org/license */[http://izdat.ntckompas.ru/js/jquery-1.7.1.min.js]
  • /*$0*/[http://izdat.ntckompas.ru/js/jquery-1.7.1.min.js]
  • /*$('.selectBox-options li a').hover(function(){ //alert($(this).html()); });*/[http://izdat.ntckompas.ru/js/script.js]
  • /*LC*/[http://izdat.ntckompas.ru/js/script.js]
  • /*-----*/[http://izdat.ntckompas.ru/js/script.js]
  • /*function externalLinks() { links = document.getElementsByTagName("a"); for (i=0; i<links.length; i++) { link = links[i]; if (link.getAttribute("href") && link.getAttribute("rel") == "external") link.target = "_blank"; } } window.onload = externalLinks;*/[http://izdat.ntckompas.ru/js/script.js]
  • /*Validators*/[http://izdat.ntckompas.ru/js/script.js]
  • /*----------*/[http://izdat.ntckompas.ru/js/script.js]
  • /*Choosers*/[http://izdat.ntckompas.ru/js/script.js]
  • /*-------*/[http://izdat.ntckompas.ru/js/script.js]
  • /*Choose univer*/[http://izdat.ntckompas.ru/js/script.js]
  • /*---------------*/[http://izdat.ntckompas.ru/js/script.js]
  • /*Choose univer2*/[http://izdat.ntckompas.ru/js/script.js]
  • /*---------------*/[http://izdat.ntckompas.ru/js/script.js]
  • /*Choose magazine*/[http://izdat.ntckompas.ru/js/script.js]
  • /*---------------*/[http://izdat.ntckompas.ru/js/script.js]
  • /*Choose specialnost*/[http://izdat.ntckompas.ru/js/script.js]
  • /*---------------*/[http://izdat.ntckompas.ru/js/script.js]
  • /*Choose specialnost level*/[http://izdat.ntckompas.ru/js/script.js]
  • /*---------------*/[http://izdat.ntckompas.ru/js/script.js]
  • /*Reg tabs*/[http://izdat.ntckompas.ru/js/script.js]
  • /*$('#two_c').attr('checked', 'false'); $('#three_c').attr('checked', 'false');*/[http://izdat.ntckompas.ru/js/script.js]
  • /*$('#one_c').attr('checked', 'false'); $('#two_c').attr('checked', 'false');*/[http://izdat.ntckompas.ru/js/script.js]
  • /*------*/[http://izdat.ntckompas.ru/js/script.js]
  • /*Articles search*/[http://izdat.ntckompas.ru/js/script.js]
  • /*$('#tab-authors').click(function(){ }); */[http://izdat.ntckompas.ru/js/script.js]
  • /*--------------*/[http://izdat.ntckompas.ru/js/script.js]
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they can expose information about the inner workings of the code. In production, they are a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log('BX.debug: ', arguments.length > 0 ? arguments : arguments[0]);[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • console.log(o);[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script and add them to the DOM object.
  • eval('result = ' + data);[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • eval('('+text+')');[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • eval(script);[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • eval('_this.INFO = ' + data);[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • document.write(BX.ajax.history.expected_hash);[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • document.write(new_hash);[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • document.write('<' + 'div id="__ajax_hash_collision_' + param_value + '" style="display: none;">');[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
  • document.write('</div>');[http://izdat.ntckompas.ru/bitrix/cache/js/s1/web20/kernel_main/kernel_main.js?1464780934406379]
Additional Information
Link Opener
The noopener attribute, as in window.open("https://example.com/", "_blank", "noopener");, should always be added to the window.open() function, which opens a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise, JavaScript on the new page has full control over the previously visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The noreferrer attribute, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be added to the window.open() function to prevent reverse tabnabbing in older browsers, which do not support the noopener attribute, and to prevent phishing attacks.
Scanned URL(s)
Scientific publications of FGUP "NTC of the Defense Complex «Kompas»"