Scan your site now

Security Report Summary
E
Site:
Scanned Site(s):
1
IP Address:
192.0.78.12
Report Time:
30 Nov 2020 01:45:21 UTC
Checks:
Window Referrer
Window Opener
Comments
Enabled Debugging
Unsafe Functions
Warning:
Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open( url, 'likeconn', 'status=0,toolbar=0,location=1,menubar=0,directories=0,resizable=1,scrollbars=1,height=560,width=500' );[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
Warnings
Comments
Comments should be removed from the public code of a web application, since it can give an aggressor critical insights into the inner structure of the program. By using this information, the attacker could easier understand how the user session is handled by javascript or figure out the pathway data is sent to the server.
  • /* <![CDATA[ */[https://titangel10.wordpress.com/]
  • /* ]]> */[https://titangel10.wordpress.com/]
  • /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license | WordPress 2019-05-16 */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** The MIT License Copyright (c) 2010 Daniel Park (http://metaweb.com, http://postmessage.freebaseapps.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. **/[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /* target window (required) */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /* target window url (required if no window.postMessage or hash == true) */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /* message type (required) */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /* message data (required) */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /* success callback (optional) */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /* error callback (optional) */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /* postmessage origin (optional) */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /* use location hash for message passing (optional) */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * http://www.JSON.org/json2.js **/[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * This method detects the mobile User Agent name. * * @return string The matched User Agent name, false otherwise. */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detect the blackBerry OS version. * * Note: This is for smartphones only. Do not work on BB tablets. * */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current UA is iPhone Mobile Safari or another iPhone or iPod Touch Browser. */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current device is an iPad. */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current UA is Chrome for iOS * */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current browser is the Native Android browser. * @return boolean true if the browser is Android otherwise false */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current browser is the Native Android Tablet browser. * Assumes 'Android' should be in the user agent, but not 'mobile' * * @return boolean true if the browser is Android and not 'mobile' otherwise false */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current browser is Opera Mobile * * What is the difference between Opera Mobile and Opera Mini? * - Opera Mobile is a full Internet browser for mobile devices. * - Opera Mini always uses a transcoder to convert the page for a small display. * (it uses Opera advanced server compression technology to compress web content before it gets to a device. * The rendering engine is on Opera's server.) * * Opera/9.80 (Windows NT 6.1; Opera Mobi/14316; U; en) Presto/2.7.81 Version/11.00" */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current browser is Opera Mini * * Opera/8.01 (J2ME/MIDP; Opera Mini/3.0.6306/1528; en; U; ssr) * Opera/9.80 (Android;Opera Mini/6.0.24212/24.746 U;en) Presto/2.5.25 Version/10.5454 * Opera/9.80 (iPhone; Opera Mini/5.0.019802/18.738; U; en) Presto/2.4.15 * Opera/9.80 (J2ME/iPhone;Opera Mini/5.0.019802/886; U; ja) Presto/2.4.15 * Opera/9.80 (J2ME/iPhone;Opera Mini/5.0.019802/886; U; ja) Presto/2.4.15 * Opera/9.80 (Series 60; Opera Mini/5.1.22783/23.334; U; en) Presto/2.5.25 Version/10.54 * Opera/9.80 (BlackBerry; Opera Mini/5.1.22303/22.387; U; en) Presto/2.5.25 Version/10.54 * */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * isBlackberry10() can be used to check the User Agent for a BlackBerry 10 device. */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * isBlackberryTablet() can be used to check the User Agent for a RIM blackberry tablet * The user agent of the BlackBerry® Tablet OS follows a format similar to the following: * Mozilla/5.0 (PlayBook; U; RIM Tablet OS 1.0.0; en-US) AppleWebKit/534.8+ (KHTML, like Gecko) Version/0.0.1 Safari/534.8+ * */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current browser is a Windows Phone 7 device. * ex: Mozilla/4.0 (compatible; MSIE 7.0; Windows Phone OS 7.0; Trident/3.1; IEMobile/7.0; LG; GW910) */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current browser is a Windows Phone 8 device. * ex: Mozilla/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; Trident/6.0; ARM; Touch; IEMobile/10.0; <Manufacturer>; <Device> [;<Operator>]) */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * * Detects if the device platform is J2ME. * */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * * Detects if the device platform is the Symbian Series 40. * Nokia Browser for Series 40 is a proxy based browser, previously known as Ovi Browser. * This browser will report 'NokiaBrowser' in the header, however some older version will also report 'OviBrowser'. * */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * * Detects if the device platform is the Symbian Series 60. * */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current browser is the Kindle Fire Native browser. * * Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us; Silk/1.1.0-84) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 Silk-Accelerated=true * Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us; Silk/1.1.0-84) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 Silk-Accelerated=false * * @return boolean true if the browser is Kindle Fire Native browser otherwise false */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current browser is Firefox Mobile (Fennec) * * http://www.userAgentstring.com/pages/Fennec/ * Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.1.1) Gecko/20110415 Firefox/4.0.2pre Fennec/4.0.1 * Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b2pre) Gecko/20081015 Fennec/1.0a1 */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current browser is the native FirefoxOS browser * * Mozilla/5.0 (Mobile; rv:14.0) Gecko/14.0 Firefox/14.0 * */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current UA is Facebook for iPad * - Facebook 4020.0 (iPad; iPhone OS 5.0.1; en_US) * - Mozilla/5.0 (iPad; U; CPU iPhone OS 5_0 like Mac OS X; en_US) AppleWebKit (KHTML, like Gecko) Mobile [FBAN/FBForIPhone;FBAV/4.0.2;FBBV/4020.0;FBDV/iPad2,1;FBMD/iPad;FBSN/iPhone OS;FBSV/5.0;FBSS/1; FBCR/;FBID/tablet;FBLC/en_US;FBSF/1.0] * - Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10A403 [FBAN/FBIOS;FBAV/5.0;FBBV/47423;FBDV/iPad2,1;FBMD/iPad;FBSN/iPhone OS;FBSV/6.0;FBSS/1; FBCR/;FBID/tablet;FBLC/en_US] */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current UA is Facebook for iPhone * - Facebook 4020.0 (iPhone; iPhone OS 5.0.1; fr_FR) * - Mozilla/5.0 (iPhone; U; CPU iPhone OS 5_0 like Mac OS X; en_US) AppleWebKit (KHTML, like Gecko) Mobile [FBAN/FBForIPhone;FBAV/4.0.2;FBBV/4020.0;FBDV/iPhone3,1;FBMD/iPhone;FBSN/iPhone OS;FBSV/5.0;FBSS/2; FBCR/O2;FBID/phone;FBLC/en_US;FBSF/2.0] * - Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Mobile/9B206 [FBAN/FBIOS;FBAV/5.0;FBBV/47423;FBDV/iPhone3,1;FBMD/iPhone;FBSN/iPhone OS;FBSV/5.1.1;FBSS/2; FBCR/3ITA;FBID/phone;FBLC/en_US] */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current UA is Twitter for iPhone * * Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_5 like Mac OS X; nb-no) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8L1 Twitter for iPhone * Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Mobile/9B206 Twitter for iPhone */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current UA is Twitter for iPad * * Old version 4.X - Mozilla/5.0 (iPad; U; CPU OS 4_3_5 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8L1 Twitter for iPad * Ver 5.0 or Higher - Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Mobile/9B206 Twitter for iPhone */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /** * Detects if the current UA is WordPress for iOS */[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • /* Detect-zoom * ----------- * Cross Browser Zoom and Pixel Ratio Detector * Version 1.0.4 | Apr 1 2013 * dual-licensed under the WTFPL and MIT license * Maintained by https://github/tombigel * Original developer https://github.com/yonran */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Use devicePixelRatio if supported by the browser * @return {Number} * @private */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Fallback function to set default values * @return {Object} * @private */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * IE 8 and 9: no trick needed! * TODO: Test on IE10 and Windows 8 RT * @return {Object} * @private **/[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * For IE10 we need to change our technique again... * thanks https://github.com/stefanvanburen * @return {Object} * @private */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Mobile WebKit * the trick: window.innerWIdth is in CSS pixels, while * screen.width and screen.height are in system pixels. * And there are no scrollbars to mess up the measurement. * @return {Object} * @private */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Desktop Webkit * the trick: an element's clientHeight is in CSS pixels, while you can * set its line-height in system pixels using font-size and * -webkit-text-size-adjust:none. * device-pixel-ratio: http://www.webkit.org/blog/55/high-dpi-web-sites/ * * Previous trick (used before http://trac.webkit.org/changeset/100847): * documentElement.scrollWidth is in CSS pixels, while * document.width was in system pixels. Note that this is the * layout width of the document, which is slightly different from viewport * because document width does not include scrollbars and might be wider * due to big elements. * @return {Object} * @private */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * no real trick; device-pixel-ratio is the ratio of device dpi / css dpi. * (Note that this is a different interpretation than Webkit's device * pixel ratio, which is the ratio device dpi / system dpi). * * Also, for Mozilla, there is no difference between the zoom factor and the device ratio. * * @return {Object} * @private */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Firefox 18.x * Mozilla added support for devicePixelRatio to Firefox 18, * but it is affected by the zoom level, so, like in older * Firefox we can't tell if we are in zoom mode or in a device * with a different pixel ratio * @return {Object} * @private */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * works starting Opera 11.11 * the trick: outerWidth is the viewport width including scrollbars in * system px, while innerWidth is the viewport width including scrollbars * in CSS px * @return {Object} * @private */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Use a binary search through media queries to find zoom level in Firefox * @param property * @param unit * @param a * @param b * @param maxIter * @param epsilon * @return {Number} */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Generate detection function * @private */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Ratios.zoom shorthand * @return {Number} Zoom level */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Ratios.devicePxPerCssPx shorthand * @return {Number} devicePxPerCssPx level */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /* * Swipe 2.0 * * Brad Birdsall * Copyright 2013, MIT License **/[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Comment Likes - JavaScript * * This handles liking and unliking comments, as well as viewing who has * liked a particular comment. * * @dependency jQuery * @dependency Swipe * * @package Comment_Likes * @subpackage JavaScript */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Parse the comment ID from a comment like link. */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Handle an ajax action on the comment like link. */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Construct a list (<ul>) of user (gravatar, name) details. * * @param data liker data returned from the server * @param klass CSS class to apply to the <ul> element * @param start index of user to start at * @param length number of users to include in the list * * @return HTML for the list */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Render the display of who has liked this comment. The type of * display depends on how many people have liked the comment. * If more than 10 people have liked the comment, this function * renders navigation controls and sets up the Swipe library for * changing between pages. * * @param link the element over which the user is hovering * @param data the results retrieved from the server */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Render multiple pages of likes with pagination controls. * This function is intended to be called by `show_likes` above. * * @param data the results retrieved from the server */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** Navigation controls. * This is based on the Newdash controls found in * reader/recommendations-templates.php */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** Set up Swipe. **/[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Open the overlay and show a loading message. */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Position the overlay near the current comment. * * @param $link element near which to position the overlay */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Return whether the overlay is visible. */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Request that the overlay be hidden after a short delay. */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Cancel a request to hide the overlay. */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /** * Fetch the like data for a particular comment. */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
  • /* globals JSON */[https://s1.wp.com/_static/??-eJyVjUsOwjAMRC9EMB9RxAJxljSxKidxGtUO4fikO2BRid3ojd4MtGLcnBWzQhDw+CSH5bUPsoOPiqspqU6UBdzM3JFJFFFWJ9EI0qjgP9IX2BAb+QlVAGtv50hokm2gyCVZxR++sWM9UzajXYCtKC49GV2si+v5g+/H4XC+nobbZQhvu9dlwA==]
Enabled Debugging
The JavaScript debugging functions should always removed after development stage, because they could expose informations on the inner workings of the code. In production, it is a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log("usage: \nto send: $.pm(options)\nto receive: $.pm.bind(type, fn, [origin])");[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • console.log("$.pm.dispatch", e, this);[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
  • console.log("hash.send", target_window, options, msg);[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
Unsafe Functions
eval() is eval! This functions and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in production stage of a website, because the parsing of the executable string is often not secure and result therefore often in a cross-site scripting vulnerability. Instead of these functions create html elements by script and add it to the DOM object.
  • eval("("+text+")");[https://s2.wp.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/js/postmessage.js,/wp-content/js/mobile-useragent-info.js?m=1558356653j]
Additional Information
Link Opener
The window.open("https://example.com/", "_blanc", "noopener"); attribute should always be added to the window.open() function, which open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise javascript on the new page has full control over the previous visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The window.open("https://example.com/", "_blanc", "referrer"); attribute should always be added to the window.open() function to prevent reverse tabnabbing for older browser, which do not support the noopener attribute and to prevent phishing attacks.
Comments
Comments should be removed from the public code of a web application, since it can give an aggressor critical insights into the inner structure of the program. By using this information, the attacker could easier understand how the user session is handled by javascript or figure out the pathway data is sent to the server.
Enabled Debugging
The JavaScript debugging functions should always removed after development stage, because they could expose informations on the inner workings of the code. In production, it is a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
Unsafe Functions
eval() is eval! This functions and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in production stage of a website, because the parsing of the executable string is often not secure and result therefore often in a cross-site scripting vulnerability. Instead of these functions create html elements by script and add it to the DOM object.
Scanned URL(s)
TITAN GEL – Agrande su miembro hoy mismo