Security Report Summary
E
Site:
Scanned Site(s): 1
IP Address: 31.148.21.4
Report Time: 23 Jan 2021 17:31:40 UTC
Checks: Window Referrer, Window Opener, Comments, Enabled Debugging, Unsafe Functions
Warning: Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open(url, '', 'status=no,scrollbars=yes,resizable=yes,width='+width+',height='+height+',top='+Math.floor((h - height)/2-14)+',left='+Math.floor((w - width)/2-5));[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • window.open(url, '', 'status=no,scrollbars=yes,resizable=yes,width='+width+',height='+height+',top='+Math.floor((h - height)/2-14)+',left='+Math.floor((w - width)/2-5));[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • window.open(url);[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insight into the inner structure of the program. Using this information, an attacker could more easily understand how the user session is handled by JavaScript or figure out the path by which data is sent to the server.
  • /* /bitrix/js/main/core/core_fx.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* /bitrix/js/main/json/json2.min.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* /bitrix/js/main/core/core_ls.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* /bitrix/js/main/core/core_window.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* /bitrix/js/main/utils.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* /bitrix/js/main/core/core.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* /bitrix/js/main/core/core_ajax.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* /bitrix/js/main/session.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* Start:/bitrix/js/main/core/core.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /**********************************************************************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*********** Bitrix JS Core library ver 0.9.0 beta ********************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /**********************************************************************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* ready */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* list of registered proxy functions */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* getElementById cache */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* List of denied event handlers */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* list of registered event handlers */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* list of registered custom events */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* list of external garbage collectors */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* list of loaded CSS files */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* list of loaded JS files */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* browser detection */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* regexps */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* OO emulation utility */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* DOM manipulation */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* CSS-notation should be used here */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* params: { tagName|tag : 'tagName', className|class : 'className', attribute : {attribute : value, attribute : value} | attribute | [attribute, attribute....], property : {prop: value, prop: value} | prop | [prop, prop] } all values can be RegExps or strings*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* events */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* custom events */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* BX.addCustomEvent(eventObject, eventName, eventHandler) - set custom event handler for particular object BX.addCustomEvent(eventName, eventHandler) - set custom event handler for all objects*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* shift parameters for short version */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* shift parameters for short version */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* shift parameters for short version */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*eventObject == window || */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* ready */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* browser detection */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* low-level fx funcitons*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* some useful util functions */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* window pos functions */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* non-xhr loadings */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /******* HINT ***************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* ready */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* \ready */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /********* Check for currently loaded core scripts ***********/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* garbage collector */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* for (i = 0, len = proxyList.length; i < len; i++) { try { delete proxyList[i]; proxyList[i] = null; } catch (e) {} }*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* \garbage collector */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* End */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* Start:/bitrix/js/main/core/core_ajax.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*other parameters: url: url to get/post data: data to post onsuccess: successful request callback. BX.proxy may be used. onfailure: request failure callback. BX.proxy may be used. lsId: local storage id - for constantly updating queries which can communicate via localStorage. core_ls.js neededany of the default parameters can be overridden. defaults can be changed by BX.ajax.Setup() - for all further requests!*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* simple interface */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* load and execute external file script with onload emulation */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* non-xhr loadings */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*arObs = [{ url: url, type: html|script|json|css, callback: function}]*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* ajax form sending */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* user options handling */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* End */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* Start:/bitrix/js/main/session.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* End */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* Start:/bitrix/js/main/json/json2.min.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* End */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* Start:/bitrix/js/main/core/core_ls.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* localStorage public interface */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* localStorage prototype */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /************** IE 7 ******************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /************** IE 8 & FF 3.6 ***************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* additional functions */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /***************** initialize *********************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* End */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* Start:/bitrix/js/main/core/core_window.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* windows manager */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* base button class */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* base window class */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* dialog window class extends window class */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* standard bitrix dialog extends BX.CWindowDialog */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* arParams = { ( title: 'dialog title', head: 'head block html', content: 'dialog content', icon: 'head icon classname or filename', resize_id: 'some id to save resize information'// useless if resizable = false ) or ( content_url: url to content load loaded content scripts can use BX.WindowManager.Get() to get access to the current window object ) height: window_height_in_pixels, width: window_width_in_pixels, draggable: true|false, resizable: true|false, min_height: min_window_height_in_pixels, // useless if resizable = false min_width: min_window_width_in_pixels, // useless if resizable = false buttons: [ 'html_code', BX.CDialog.btnSave, BX.CDialog.btnCancel, BX.CDialog.btnClose ] }*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*'99% center'*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*BUTTON: { title: 'title', 'action': function executed in window object context}BX.CDialog.btnSave || BX.CDialog.btnCancel - standard buttons*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* special child for admin forms loaded into public page */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* class for dialog window with editors */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* class for wizards in admin section */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* class for auth dialog */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* MENU CLASSES */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* menu opener class */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*{ DOMNode DIV, BX.CMenu or Array MENU, TYPE = 'hover' | 'click', TIMEOUT: 1000 ATTACH_MODE: 'top' | 'right' ACTIVE_CLASS: className for opener element when menu is opened}*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* common menu class */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* if (BX.browser.IsIE() && !BX.browser.IsDoctype()) { pos.top -= 4; pos.bottom -= 4; pos.left -= 2; pos.right -= 2; }*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* components toolbar class */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*, true*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* global page opener class */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*this.isMenuVisible() || this.DIV.style.display == 'none' || */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /******* HINT ***************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*************************** admin informer **********************************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* End */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* Start:/bitrix/js/main/utils.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*alert("Error! jsUtils.EvalGlobal");*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /************************************************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*Restrict drag*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*shadow*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /************************************************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /************************************************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /************************************************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /************************************************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* End */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* Start:/bitrix/js/main/core/core_fx.js*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*options: { start: start value or {param: value, param: value} finish: finish value or {param: value, param: value} time: time to transform in seconds type: linear|accelerated|decelerated|custom func name callback, callback_start, callback_complete, step: time between steps in seconds allowFloat: false|true}*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*type rules of animation - linear - simple linear animation - accelerated - decelerated*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* params: { start_value, finish_value, current_time, total_time }*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /****************** effects realizaion ************************/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* type = 'fade' || 'scroll' || 'scale' || 'fold'*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /*options = { delay: 100, duration : 3000, start : { scroll : document.body.scrollTop, left : 0, opacity : 100 }, finish : { scroll : document.body.scrollHeight, left : 500, opacity : 10 }, transition : BitrixAnimation.makeEaseOut(BitrixAnimation.transitions.quart), step : function(state) { document.body.scrollTop = state.scroll; button.style.left = state.left + "px"; button.style.opacity = state.opacity / 100; }, complete : function() { button.style.background = "green"; }}options ={ delay : 20, duration : 4000, transition : BXAnimation.makeEaseOut(BXAnimation.transitions.quart), progress : function(progress) { document.body.scrollTop = Math.round(topMax * progress); button.style.left = Math.round(leftMax * progress) + "px"; button.style.opacity = (100 + Math.round((opacityMin - 100) * progress)) / 100; }, complete : function() { button.style.background = "green"; }}*/[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /* End */[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • /** * Class for Web SQL Database * @param params * @constructor */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Parameters description: * version - version of the database * name - name of the database * displayName - display name of the database * capacity - size of the database in bytes. * @param params */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Takes the list of existing tables from the database * @param callback The callback handler will be invoked with boolean parameter as a first argument * @example */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Creates the table in the database * @param params */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Drops the table from the database * @param params */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Drops the table from the database * @param params */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Gets the data from the table * @param params */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Updates the table * @param params */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Deletes rows from the table * @param params */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Builds the query string and the set of values. * @param params * @returns {{query: string, values: Array}} */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Gets pairs for query string * @param {object} fields The object with set of key-value pairs * @param {string} operator The keyword that will be join on the beginning of the string * @returns {string} */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Gets the string with keys of fields that have splitted by commas * @param fields * @param defaultResult * @returns {string} */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Gets the string with values of the array that have splitted by commas * @param fields * @param defaultResult * @returns {string} */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Gets the array of values * @param values * @returns {Array} */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Executes the query * @param success The success callback * @param fail The failture callback * @returns {string} * @param query */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /** * Gets the beautifying result from the query response * @param results * @returns {*} */[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • /* Modernizr 2.6.2 (Custom Build) | MIT & BSD * Build: http://modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-hsla-multiplebgs-opacity-rgba-textshadow-cssanimations-csscolumns-generatedcontent-cssgradients-cssreflections-csstransforms-csstransforms3d-csstransitions-applicationcache-canvas-canvastext-draganddrop-hashchange-history-audio-video-indexeddb-input-inputtypes-localstorage-postmessage-sessionstorage-websockets-websqldatabase-webworkers-geolocation-inlinesvg-smil-svg-svgclippaths-touch-webgl-shiv-mq-cssclasses-addtest-prefixed-teststyles-testprop-testallprops-hasevent-prefixes-domprefixes-load */[http://vinku.ru/bitrix/templates/main_vinku/js/modernizr.min.js]
  • /*! jQuery v@1.8.1 jquery.com | jquery.org/license */[https://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js]
  • /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/[https://maps.googleapis.com/maps/api/js?key=AIzaSyB9KZqa_uI7nUcmpTlU3mcELLLPKat-jbM&callback=initMap]
  • /* Copyright 2013 Google LLC. SPDX-License-Identifier: Apache-2.0*/[https://maps.googleapis.com/maps/api/js?key=AIzaSyB9KZqa_uI7nUcmpTlU3mcELLLPKat-jbM&callback=initMap]
  • /* Copyright 2011 Google LLC. SPDX-License-Identifier: Apache-2.0*/[https://maps.googleapis.com/maps/api/js?key=AIzaSyB9KZqa_uI7nUcmpTlU3mcELLLPKat-jbM&callback=initMap]
  • /* Copyright 2008 Google LLC. SPDX-License-Identifier: Apache-2.0*/[https://maps.googleapis.com/maps/api/js?key=AIzaSyB9KZqa_uI7nUcmpTlU3mcELLLPKat-jbM&callback=initMap]
  • /*Math.uuid.js (v1.4)http://www.broofa.commailto:robert@broofa.comCopyright (c) 2010 Robert KiefferDual licensed under the MIT and GPL licenses.*/[https://maps.googleapis.com/maps/api/js?key=AIzaSyB9KZqa_uI7nUcmpTlU3mcELLLPKat-jbM&callback=initMap]
  • /*$0*/[http://vinku.ru/bitrix/templates/main_vinku/js/plugins.js]
  • /* Time Parser */[http://vinku.ru/bitrix/templates/main_vinku/js/common.js]
  • /*! jQuery UI - v1.10.3 - 2013-10-28 * http://jqueryui.com * Includes: jquery.ui.widget.js, jquery.ui.effect.js * Copyright 2013 jQuery Foundation and other contributors; Licensed MIT */[http://vinku.ru/bitrix/templates/main_vinku/js/jquery-ui-1.10.3.custom.min.js]
  • /*! Copyright (c) 2013 Brandon Aaron (http://brandon.aaron.sh) * Licensed under the MIT License (LICENSE.txt). * * Version: 3.1.4 * * Requires: 1.2.2+ */[http://vinku.ru/bitrix/templates/main_vinku/js/jquery.mousewheel.min.js]
  • /*! jquery.kinetic - v1.8.2 - 2013-03-23 http://the-taylors.org/jquery.kinetic * Copyright (c) 2013 Dave Taylor; Licensed MIT */[http://vinku.ru/bitrix/templates/main_vinku/js/jquery.kinetic.min.js]
  • /* * jQuery SmoothDivScroll 1.3 * * Copyright (c) 2013 Thomas Kahn * Licensed under the GPL license. * * http://www.smoothdivscroll.com/ */[http://vinku.ru/bitrix/templates/main_vinku/js/jquery.smoothdivscroll-1.3-min.js]
  • /*jQuery(document).ready(function($) { console.log('ready');});*/[http://vinku.ru/bitrix/templates/main_vinku/js/custom.js]
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they could expose information about the inner workings of the code. In production, they are a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log('BX.debug: ', arguments.length > 0 ? arguments : arguments[0]);[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • console.log(o);[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • console.log(query);[http://vinku.ru/bitrix/js/main/core/core_db.js?142721091110954]
  • console.log("Option loopTop/loopBottom is mutually exclusive with continuousVertical; continuousVertical disabled"));[http://vinku.ru/bitrix/templates/main_vinku/js/plugins.js]
  • console.log(index);[http://vinku.ru/bitrix/templates/main_vinku/js/common.js]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script and add them to the DOM.
  • eval('result = ' + data);[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • eval('('+text+')');[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • eval(script);[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • document.write(BX.ajax.history.expected_hash);[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • document.write(new_hash);[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • document.write('<' + 'div id="__ajax_hash_collision_' + param_value + '" style="display: none;">');[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • document.write('</div>');[http://vinku.ru/bitrix/cache/js/s1/main_vinku/kernel_main/kernel_main.js?1466608480277632]
  • eval("result = " + response);[http://vinku.ru/bitrix/js/main/core/core_frame_cache.js?142721091111917]
Additional Information
Link Opener
The noopener feature, as in window.open("https://example.com/", "_blank", "noopener");, should always be added to window.open() calls that open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise JavaScript on the new page has full control over the previously visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The noreferrer feature, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be added to window.open() calls to prevent reverse tabnabbing in older browsers that do not support the noopener feature, and to prevent phishing attacks.
Scanned URL(s)