
Security Report Summary
E
Site:
Scanned Site(s):
1
IP Address:
194.167.18.155
Report Time:
01 Apr 2020 15:03:00 UTC
Checks:
Window Referrer
Window Opener
Comments
Enabled Debugging
Unsafe Functions
Warning:
Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open('', 'preview', options.previewInWindow);[http://lyc21-carnot.ac-dijon.fr/plugins-dist/porte_plume/javascript/jquery.markitup_pour_spip.js?1569930618]
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insights into the inner structure of the program. Using this information, the attacker could more easily understand how the user session is handled by JavaScript or figure out the path by which data is sent to the server.
  • /* <![CDATA[ */[http://lyc21-carnot.ac-dijon.fr/]
  • /* ]]> */[http://lyc21-carnot.ac-dijon.fr/]
  • /*! * jQuery JavaScript Library v3.2.1 * https://jquery.com/ * * Includes Sizzle.js * https://sizzlejs.com/ * * Copyright JS Foundation and other contributors * Released under the MIT license * https://jquery.org/license * * Date: 2017-03-20T18:59Z */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* global Symbol */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* eslint-disable no-unused-vars */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /*! * Sizzle CSS Selector Engine v2.3.3 * https://sizzlejs.com/ * * Copyright jQuery Foundation and other contributors * Released under the MIT license * http://jquery.org/license * * Date: 2016-08-08 */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Create key-value caches of limited size * @returns {function(string, object)} Returns the Object data after storing it on itself with * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) * deleting the oldest entry */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Mark a function for special use by Sizzle * @param {Function} fn The function to mark */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Support testing using an element * @param {Function} fn Passed the created element and returns a boolean result */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Adds the same handler for all of the specified attrs * @param {String} attrs Pipe-separated list of attributes * @param {Function} handler The method that will be applied */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Checks document order of two siblings * @param {Element} a * @param {Element} b * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Returns a function to use in pseudos for input types * @param {String} type */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Returns a function to use in pseudos for buttons * @param {String} type */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Returns a function to use in pseudos for :enabled/:disabled * @param {Boolean} disabled true for :disabled; false for :enabled */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* jshint -W018 */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Returns a function to use in pseudos for positionals * @param {Function} fn */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Checks a node for validity as a Sizzle context * @param {Element|Object=} context * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Detects XML nodes * @param {Element|Object} elem An element or a document * @returns {Boolean} True iff elem is a non-HTML XML node */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Sets document-related variables once based on the current document * @param {Element|Object} [doc] An element or document object to use to set the document * @returns {Object} Returns the current document */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* Attributes ---------------------------------------------------------------------- */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* getElement(s)By* ---------------------------------------------------------------------- */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* QSA/matchesSelector ---------------------------------------------------------------------- */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* Contains ---------------------------------------------------------------------- */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* Sorting ---------------------------------------------------------------------- */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Document sorting and removing duplicates * @param {ArrayLike} results */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Utility function for retrieving the text value of an array of DOM nodes * @param {Array|Element} elem */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* matches from matchExpr["CHILD"] 1 type (only|nth|...) 2 what (child|of-type) 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) 4 xn-component of xn+y argument ([+-]?\d*n|) 5 sign of xn-component 6 x of xn-component 7 sign of y-component 8 y of y-component */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* Internal Use Only */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * A low-level selection function that works with Sizzle's compiled * selector functions * @param {String|Function} selector A selector or a pre-compiled * selector function built with Sizzle.compile * @param {Element} context * @param {Array} [results] * @param {Array} [seed] A set of elements to match against */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* * Create a callback list using the following parameters: * * options: an optional list of space-separated options that will change how * the callback list behaves or a more traditional option object * * By default a callback list will act like an event callback list and can be * "fired" multiple times. * * Possible options: * * once: will ensure the callback list can only be fired once (like a Deferred) * * memory: will keep track of previous values and will call any callback added * after the list has been fired right away with the latest "memorized" * values (like a Deferred) * * unique: will ensure a callback can only be added once (no duplicate in the list) * * stopOnFalse: interrupt callings when a callback returns false * */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* fnDone, fnFail, fnProgress */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* * Helper functions for managing events -- not part of the public interface. * Props to Dean Edwards' addEvent library for many of the ideas. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* eslint-disable max-len */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* eslint-enable */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* eslint-disable no-loop-func */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* eslint-enable no-loop-func */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* eslint no-unused-expressions: "off" */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* eslint no-unused-expressions: "off" */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* eslint-disable no-cond-assign */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* eslint-enable no-cond-assign */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* Prefilters * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example) * 2) These are called: * - BEFORE asking for a transport * - AFTER param serialization (s.data is a string if s.processData is true) * 3) key is the dataType * 4) the catchall symbol "*" can be used * 5) execution will start with transport dataType and THEN continue down to "*" if needed */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* Transports bindings * 1) key is the dataType * 2) the catchall symbol "*" can be used * 3) selection will start with transport dataType and THEN go to "*" if needed */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* Handles responses to an ajax request: * - finds the right dataType (mediates between content-type and expected dataType) * - returns the corresponding response */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* Chain conversions given the request and the original response * Also sets the responseXXX fields on the jqXHR instance */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /* timeout: 0, data: null, dataType: null, username: null, password: null, cache: null, throws: false, traditional: false, headers: {}, */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /** * Load a url into a page */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.js?1569930633]
  • /*! * jQuery Migrate - v3.0.1 - 2017-09-26 * Copyright jQuery Foundation and other contributors */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery-migrate-3.0.1.js?1569930633]
  • /* exported migrateWarn, migrateWarnFunc, migrateWarnProp */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery-migrate-3.0.1.js?1569930633]
  • /* fnDone, fnFail, fnProgress */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery-migrate-3.0.1.js?1569930633]
  • /*! * jQuery Form Plugin * version: 4.2.2 * Requires jQuery v1.7.2 or later * Project repository: https://github.com/jquery-form/form * Copyright 2017 Kevin Morris * Copyright 2006 M. Alsup * Dual licensed under the LGPL-2.1+ or MIT licenses * https://github.com/jquery-form/form#license * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* global ActiveXObject */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* eslint-disable */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* eslint-enable */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* Usage Note: ----------- Do not use both ajaxSubmit and ajaxForm on the same form. These functions are mutually exclusive. Use ajaxSubmit if you want to bind your own submit handler to the form. For example, $(document).ready(function() { $('#myForm').on('submit', function(e) { e.preventDefault(); // <-- important $(this).ajaxSubmit({ target: '#output' }); }); }); Use ajaxForm when you want the plugin to manage all the event binding for you. For example, $(document).ready(function() { $('#myForm').ajaxForm({ target: '#output' }); }); You can also use ajaxForm with delegation (requires jQuery v1.7+), so the form does not have to exist when you invoke ajaxForm: $('#myForm').ajaxForm({ delegation: true, target: '#output' }); When using ajaxForm, the ajaxSubmit function will be invoked for you at the appropriate time. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * Feature detection */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * ajaxSubmit() provides a mechanism for immediately submitting * an HTML form using AJAX. * * @param {object|string} options jquery.form.js parameters or custom url for submission * @param {object} data extraData * @param {string} dataType ajax dataType * @param {function} onSuccess ajax success callback function */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* eslint consistent-this: ["error", "$form"] */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* event.position is deprecated */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* it looks like contentWindow or contentDocument do not * carry the protocol property in ie8, when running under ssl * frame.document is the only valid response document, since * the protocol is know but not on the other two objects. strange? * "Same origin policy" http://en.wikipedia.org/wiki/Same_origin_policy */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* jslint evil:true */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * ajaxForm() provides a mechanism for fully automating form submission. * * The advantages of using this method instead of ajaxSubmit() are: * * 1: This method will include coordinates for <input type="image"> elements (if the element * is used to submit the form). * 2. This method will include the submit element's name/value data (for the element that was * used to submit the form). * 3. This method binds the submit() method to the form for you. * * The options argument for ajaxForm works exactly as it does for ajaxSubmit. ajaxForm merely * passes the options argument along after properly binding events for submit elements and * the form itself. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* jshint validthis:true */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* jshint validthis:true */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * formToArray() gathers form element data into an array of objects that can * be passed to any of the following ajax functions: $.get, $.post, or load. * Each object in the array has both a 'name' and 'value' property. An example of * an array for a simple login form might be: * * [ { name: 'username', value: 'jresig' }, { name: 'password', value: 'secret' } ] * * It is this array that is passed to pre-submit callback functions provided to the * ajaxSubmit() and ajaxForm() methods. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * Serializes form data into a 'submittable' string. This method will return a string * in the format: name1=value1&name2=value2 */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * Serializes all field elements in the jQuery object into a query string. * This method will return a string in the format: name1=value1&name2=value2 */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * Returns the value(s) of the element in the matched set. For example, consider the following form: * * <form><fieldset> * <input name="A" type="text"> * <input name="A" type="text"> * <input name="B" type="checkbox" value="B1"> * <input name="B" type="checkbox" value="B2"> * <input name="C" type="radio" value="C1"> * <input name="C" type="radio" value="C2"> * </fieldset></form> * * var v = $('input[type=text]').fieldValue(); * // if no values are entered into the text inputs * v === ['',''] * // if values entered into the text inputs are 'foo' and 'bar' * v === ['foo','bar'] * * var v = $('input[type=checkbox]').fieldValue(); * // if neither checkbox is checked * v === undefined * // if both checkboxes are checked * v === ['B1', 'B2'] * * var v = $('input[type=radio]').fieldValue(); * // if neither radio is checked * v === undefined * // if first radio is checked * v === ['C1'] * * The successful argument controls whether or not the field element must be 'successful' * (per http://www.w3.org/TR/html4/interact/forms.html#successful-controls). * The default value of the successful argument is true. If this value is false the value(s) * for each element is returned. * * Note: This method *always* returns an array. If no valid value can be determined the * array will be empty, otherwise it will contain one or more values. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * Returns the value of the field element. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* eslint-disable no-mixed-operators */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /* eslint-enable no-mixed-operators */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * Clears the form data. Takes the following actions on the form's input fields: * - input text fields will have their 'value' property set to the empty string * - select elements will have their 'selectedIndex' property set to -1 * - checkbox and radio inputs will have their 'checked' property set to false * - inputs of type submit, button, reset, and hidden will *not* be effected * - button elements will *not* be effected */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * Clears the selected form elements. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * Resets the form data or individual elements. Takes the following actions * on the selected tags: * - all fields within form elements will be reset to their original value * - input / textarea / select fields will be reset to their original value * - option / optgroup fields (for multi-selects) will defaulted individually * - non-multiple options will find the right select to default * - label elements will be searched against its 'for' attribute * - all others will be searched for appropriate children to default */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * Enables or disables any matching elements. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * Checks/unchecks any matching checkboxes or radio buttons and * selects/deselects and matching option elements. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • /** * autosave plugin * * Copyright (c) 2009-2016 Fil (fil@rezo.net) * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu.org/licenses/gpl.html * */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.autosave.js?1569930633]
  • /* * Usage: $("form").autosave({options...}); * to use with SPIP's action/session.php */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.autosave.js?1569930633]
  • /* trop agressif : exemple du submit previsu forum, ou des submit suivant/precedent d'un cvt multipage on sauvegarde toujours, et le serveur videra quand il faudra */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.autosave.js?1569930633]
  • /*$(this).removeClass('autosavechanged')*/[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.autosave.js?1569930633]
  • /*** Placeholder label* https://github.com/AbleTech/jquery.placeholder-label** Copyright (c) 2010 Able Technology Consulting Limited* http://www.abletech.co.nz/*/[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.placeholder-label.js?1569930633]
  • /** * OnAjaxLoad allow to * add a function to the list of those * to be executed on ajax load complete * * most of time function f is applied on the loaded data * if not known, the whole document is targetted * * @param function f */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * Call the functions that have been added to onAjaxLoad * @param root */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /* jQuery.browser */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * if not fully visible, scroll the page to position * target block at the top of page * if force = true, allways scroll * * @param bool force */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * rechargement ajax d'un formulaire dynamique implemente par formulaires/xxx.html * @param target */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /*, iframe: jQuery.browser.msie*/[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * rechargement ajax d'une noisette implementee par {ajax} * selecteur personalise, sera defini par defaut a '.pagination a,a.ajax' */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * mise en cache des url. Il suffit de vider cete variable pour vider le cache */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * Afficher dans la page * le html d'un bloc ajax charge * @param object blocfrag * @param string c * @param string href * @param bool history */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * Charger un bloc ajax represente par l'objet jQuery blocajax qui le pointe * avec la requete ajax url, qui represente le lien href * @param object blocfrag * bloc cible * @param string url * url pour la requete ajax * @param string href * url du lien clique * @param object options * bool force : pour forcer la requete sans utiliser le cache * function callback : callback au retour du chargement * bool history : prendre en charge l'histrisation dans l'url */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * Calculer l'url ajax a partir de l'url du lien * et de la variable d'environnement du bloc ajax * passe aussi l'ancre eventuelle sous forme d'une variable * pour que le serveur puisse la prendre en compte * et la propager jusqu'a la reponse * sous la forme d'un lien cache * * @param string href * @param string ajax_env */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * fonction appelee sur l'evenement ajaxReload d'un bloc ajax * que l'on declenche quand on veut forcer sa mise a jour * * @param object blocfrag * @param object options * callback : fonction appelee apres le rechargement * href : url to load instead of origin url * args : arguments passes a l'url rechargee (permet une modif du contexte) * history : bool to specify if navigation history is modified by reload or not (false if not provided) */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * fonction appelee sur l'evenement click d'un lien ajax * * @param object blocfrag * objet jQuery qui cible le bloc ajax contenant * @param string href * url du lien a suivre * @param object options * force : pour interdire l'utilisation du cache * history : pour interdire la mise en historique */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * Implementer le comportemant des liens ajax * et boutons post ajax qui se comportent * comme un lien ajax */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /*, iframe: jQuery.browser.msie*/[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * Suivre un lien en simulant le click sur le lien * Si le lien est ajax, on se contente de declencher l'evenement click() * Si le lien est non ajax, on finit en remplacant l'url de la page */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * Recharger un bloc ajax pour le mettre a jour * ajaxid est l'id passe en argument de INCLURE{ajax=ajaxid} * options permet de definir une callbackk ou de passer des arguments a l'url * au rechargement * ajaxReload peut s'utiliser en passant un id : * ajaxReload('xx'); * ou sur un objet jQuery * jQuery(this).ajaxReload(); * Dans ce dernier cas, le plus petit conteneur ajax est recharge * * @param string ajaxid * @param object options * callback : callback after reloading * href : url to load instead of origin url * args : {arg:value,...} to pass tu the url * history : bool to specify if navigation history is modified by reload or not (false if not provided) */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * Variante jQuery de ajaxReload pour la syntaxe * jQuery(..).ajaxReload(); * cf doc ci-dessus * @param options */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * animation du bloc cible pour faire patienter * */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * Fin de l'animation * l'argument permet de forcer le raz du contenu si il est inchange * @param hard */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * animation d'un item que l'on supprime : * ajout de la classe remove avec un background tire de cette classe * puis fading vers opacity 0 * quand l'element est masque, on retire les classes et css inline * * @param function callback * */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * animation d'un item que l'on ajoute : * ajout de la classe append * fading vers opacity 1 avec background herite de la classe append, * puis suppression progressive du background pour revenir a la valeur heritee * * @param function callback */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /** * Equivalent js de parametre_url php de spip * * Exemples : * parametre_url(url,suite,18) (ajout) * parametre_url(url,suite,'') (supprime) * parametre_url(url,suite) (lit la valeur suite) * parametre_url(url,suite[],1) (tableau valeurs multiples) * @param url * url * @param c * champ * @param v * valeur * @param sep * separateur '&' par defaut * @param force_vide * si true et v='' insere &k= dans l'url au lieu de supprimer le k (false par defaut) * permet de vider une valeur dans une requete ajax (dans un reload) */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /* Pour les tableaux ont laisse tomber les valeurs de départ, on remplira à l'étape suivante */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • /*! * JavaScript Cookie v2.1.4 * https://github.com/js-cookie/js-cookie * * Copyright 2006, 2015 Klaus Hartl & Fagner Brack * Released under the MIT license */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/js.cookie.js?1569930633]
  • /*! * Rétro Compatibilité entre l'ancien plugin jQuery Cookie * et le nouveau JS Cookie. */[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.cookie.js?1569930633]
  • /*! Colorbox 1.6.4 license: MIT http://www.jacklmoore.com/colorbox*/[http://lyc21-carnot.ac-dijon.fr/plugins-dist/mediabox/javascript/jquery.colorbox.js?1569930615]
  • /* initialiser maintenant si box_settings est deja la * nb en cas de defer sur le chargement du scipt javascript principal */[http://lyc21-carnot.ac-dijon.fr/plugins-dist/mediabox/javascript/spip.mediabox.js?1569930615]
  • /* * overlayClose: (Boolean:false) Allow click on overlay to close the dialog? * iframe: (Boolean:false) Open box in iframe * minHeight: (Number:200) The minimum height for the container * minWidth: (Number:200) The minimum width for the container * maxHeight: (Number:null) The maximum height for the container. If not specified, the window height is used. * maxWidth: (Number:null) The maximum width for the container. If not specified, the window width is used. * autoResize: (Boolean:false) Resize container on window resize? Use with caution - this may have undesirable side-effects. * onOpen: (Function:null) The callback function used in place of SimpleModal's open * onShow: (Function:null) The callback function used after the modal dialog has opened * onClose: (Function:null) The callback function used in place of SimpleModal's close */[http://lyc21-carnot.ac-dijon.fr/plugins-dist/mediabox/javascript/spip.mediabox.js?1569930615]
  • /* * Le code original de markitup 1.1.15 * a ete modifie pour prendre en compte * * 1) la langue utilisee dans les textarea : * - si un textarea possede un attribut lang='xx' alors * markitup n'affichera que les icones qui correspondent a cette langue * - on peut passer une valeur de langue par defaut a markitup (le textarea peut ne pas en definir) * .markitup(set_spip,{lang:'fr'}); * - une option supplementaire optionnelle 'lang' est introduite dans les parametres * des boutons (markupset), par exemple : lang:['fr','es','en'] * - si un bouton n'a pas ce parametre, l'icone s'affiche * quelque soit la langue designee dans le textarea ou les parametres de markitup ; * sinon, il faut que la langue soit contenue dedans pour que l'icone s'affiche. * 2) gerer des types de selections differentes : * - normales comme dans markitup (rien a faire) * - 'selectionType':'word' : aux mots le plus proche si pas de selection (sinon la selection) * - 'selectionType':'line' : aux lignes les plus proches * - and 'return' : ugly hack to generate list (and so on) on key 'return' press * * 3) eviter a Opera de gerer les evenements apres tabulation ou entree... * il ne sait pas gerer (v11.51) * * 4) ajout d'un <em> supplémentaire sur le html des boutons de la barre d'outil, pour des histoires de sprites */[http://lyc21-carnot.ac-dijon.fr/plugins-dist/porte_plume/javascript/jquery.markitup_pour_spip.js?1569930618]
  • /* set */[http://lyc21-carnot.ac-dijon.fr/plugins-dist/porte_plume/javascript/jquery.markitup_pour_spip.js?1569930618]
  • /* #PRODUIRE{fond=javascript/porte_plume_start.js,lang=fr,hash=30f81a19fa05190ba81632a6571b80b3} md5:d4a040bead4f65703dea70ff9538294e */[http://lyc21-carnot.ac-dijon.fr/local/cache-js/jsdyn-javascript_porte_plume_start_js-a0458f78.js?1579683550]
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they could expose information on the inner workings of the code. In production, they are a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log( "JQMIGRATE: jQuery 3.0.0+ REQUIRED" );[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery-migrate-3.0.1.js?1569930633]
  • console.log( "JQMIGRATE: Migrate plugin loaded multiple times" );[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery-migrate-3.0.1.js?1569930633]
  • console.log(msg);[http://lyc21-carnot.ac-dijon.fr/prive/javascript/jquery.form.js?1569930633]
  • console.log(box_settings);[http://lyc21-carnot.ac-dijon.fr/plugins-dist/mediabox/javascript/spip.mediabox.js?1569930615]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script and add them to the DOM object.
  • eval(jQuery(blocfrag).attr('data-loaded-callback'));[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • eval(jQuery(blocfrag).attr('data-loading-callback'));[http://lyc21-carnot.ac-dijon.fr/prive/javascript/ajaxCallback.js?1569930633]
  • eval(button.call)(e);[http://lyc21-carnot.ac-dijon.fr/plugins-dist/porte_plume/javascript/jquery.markitup_pour_spip.js?1569930618]
  • document.write(data);[http://lyc21-carnot.ac-dijon.fr/plugins-dist/porte_plume/javascript/jquery.markitup_pour_spip.js?1569930618]
Additional Information
Link Opener
The "noopener" feature, as in window.open("https://example.com/", "_blank", "noopener");, should always be passed to a window.open() call that opens a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise, JavaScript on the new page has full control over the previously visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The "noreferrer" feature, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be passed to the window.open() function to prevent reverse tabnabbing in older browsers that do not support the noopener feature, and to prevent phishing attacks.
Scanned URL(s)