Security Report Summary
E
Site:
Scanned Site(s): 1
IP Address: 35.208.61.148
Report Time: 30 Nov 2020 01:05:42 UTC
Checks: Window Referrer, Window Opener, Comments, Enabled Debugging, Unsafe Functions
Warning: Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open(b,a.id,"top=0,left=0,width="+screen.availWidth+",height="+screen.availHeight+",resizable=yes,scrollbars=no,status=no,toolbar=no")}},250);[http://www.alatharnews.com/wp-content/themes/nanomag/js/mediaelement-and-player.min.js?ver=1.4]
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insights into the inner structure of the program. Using this information, the attacker could more easily understand how the user session is handled by JavaScript or figure out the path by which data is sent to the server.
  • /* <![CDATA[ */[http://www.alatharnews.com/?p=1969]
  • /* ]]> */[http://www.alatharnews.com/?p=1969]
  • /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license | WordPress 2019-05-16 */[http://www.alatharnews.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp]
  • /* * jQuery carouFredSel 6.2.1 * Demo's and documentation: * caroufredsel.dev7studios.com * * Copyright (c) 2013 Fred Heusschen * www.frebsite.nl * * Dual licensed under the MIT and GPL licenses. * http://en.wikipedia.org/wiki/MIT_License * http://en.wikipedia.org/wiki/GNU_General_Public_License */[http://www.alatharnews.com/wp-content/plugins/carousel-horizontal-posts-content-slider/assets/js/caroufredsel/jquery.carouFredSel-6.2.1-packed.js?ver=5.5.3]
  • /* =========================================================// jquery.innerfade.js// Datum: 2008-02-14// Firma: Medienfreunde Hofmann & Baldes GbR// Author: Torsten Baldes// Mail: t.baldes@medienfreunde.com// Web: http://medienfreunde.com// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/// and Ralf S. Engelschall http://trainofthoughts.org/ * * <ul id="news"> * <li>content 1</li> * <li>content 2</li> * <li>content 3</li> * </ul> * * $('#news').innerfade({ * animationtype: Type of animation 'fade' or 'slide' (Default: 'fade'), * speed: Fading-/Sliding-Speed in milliseconds or keywords (slow, normal or fast) (Default: 'normal'), * timeout: Time between the fades in milliseconds (Default: '2000'), * type: Type of slideshow: 'sequence', 'random' or 'random_start' (Default: 'sequence'), * containerheight: Height of the containing element in any css-height-value (Default: 'auto'), * runningclass: CSS-Class which the container get’s applied (Default: 'innerfade'), * children: optional children selector (Default: null) * }); *// ========================================================= */[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.innerfade.js?ver=5.5.3]
  • /** This is a simple JavaScript vertical scroller that is crossbrowser and also validates* as XHTML Strict.** Usage:* (1) Define a <div> tag with a specified ID, containing the scrolling text. One <div> for each line.* (2) Define an INLINE CSS width and height (important, MUST be inline)* (3) Execute the divScroller function, passing id, mode (h or v), speed (higher number means* slower) and delay (in ms).**/[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.newsticker-rtl.js?ver=5.5.3]
  • /***************************************************************************************************** Cross browser getElementByID.* From: http://www.quirksmode.org** @param id*/[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.newsticker-rtl.js?ver=5.5.3]
  • /***************************************************************************************************** Enables the scrolling for the specified div (matching id).** @param string id of the tag* @param speed* @param delay*/[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.newsticker-rtl.js?ver=5.5.3]
  • /*if (!scroller.style.height)if (scroller.obj.currentStyle)scroller.style.height = scroller.obj.currentStyle.height;elsescroller.style.height = document.defaultView.getComputedStyle(scroller.obj, null).getPropertyValue("height");*/[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.newsticker-rtl.js?ver=5.5.3]
  • /***************************************************************************************************** Helper for the HORIZONTAL scrolling for the specified div (matching id).* This is the real "ticker" function, executed to move the div.** @param string id of the tag* @param pre-calculated height limit (to speed up execution)* @param speed* @param delay*/[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.newsticker-rtl.js?ver=5.5.3]
  • /*if (!(parseInt(inner.style.right) == parseInt(scroller.style.width)) &&!(parseInt(inner.style.right) == -limit) &&(parseInt(inner.style.right) % parseInt(scroller.style.width)) == 0){nextTick = delay;}*/[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.newsticker-rtl.js?ver=5.5.3]
  • /***************************************************************************************************** Helper for the VERTICAL scrolling for the specified div (matching id).* This is the real "ticker" function, executed to move the div.** @param string id of the tag* @param pre-calculated height limit (to speed up execution)* @param speed* @param delay*/[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.newsticker-rtl.js?ver=5.5.3]
  • /***************************************************************************************************** OnMouseOver helper for the HORIZONTAL scrolling for the specified div (matching id).** @param string id of the tag*/[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.newsticker-rtl.js?ver=5.5.3]
  • /***************************************************************************************************** Apply essential working styles to each <div> inside the scroller.** @param string id of the inner div*/[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.newsticker-rtl.js?ver=5.5.3]
  • /* SWFObject v2.2 <http://code.google.com/p/swfobject/> is released under the MIT License <http://www.opensource.org/licenses/mit-license.php> */[http://www.alatharnews.com/wp-content/plugins/xorbin-analog-flash-clock/js/swfobject.v2.2.js?ver=5.5.3]
  • /* The MIT License (MIT) @todo Lazy Load Icon @todo prevent animationend bubling @todo itemsScaleUp @todo Test Zepto @todo stagePadding calculate wrong active classes The MIT License (MIT) The MIT License (MIT) The MIT License (MIT) The MIT License (MIT) The MIT License (MIT) The MIT License (MIT) The MIT License (MIT)*/[http://www.alatharnews.com/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/assets/js/owl.carousel.min.js?ver=5.2.0]
  • /*! Swipebox v1.4.4 | Constantin Saguin csag.co | MIT License | github.com/brutaldesign/swipebox */[http://www.alatharnews.com/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/assets/js/jquery.swipebox.min.js?ver=5.2.0]
  • /* Modernizr 2.6.2 (Custom Build) | MIT & BSD * Build: http://modernizr.com/download/#-backgroundsize-csstransforms3d-csstransitions-touch-shiv-cssclasses-prefixed-teststyles-testprop-testallprops-prefixes-domprefixes-load */[http://www.alatharnews.com/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/assets/js/modernizr.custom.26633.min.js?ver=5.2.0]
  • /* Modernizr 2.7.1 (Custom Build) | MIT & BSD * Build: http://modernizr.com/download/#-csstransitions-touch-shiv-cssclasses-prefixed-teststyles-testprop-testallprops-prefixes-domprefixes-load */[http://www.alatharnews.com/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/assets/js/modernizr.min.js?ver=5.2.0]
  • /** * AQPB View JS * Front-end js for Aqua Page Builder blocks */[http://www.alatharnews.com/wp-content/themes/nanomag/inc/addon/aqua-page-builder-master/assets/javascripts/aqpb-view.js?ver=1606698329]
  • /** Fire up jQuery - let's dance! */[http://www.alatharnews.com/wp-content/themes/nanomag/inc/addon/aqua-page-builder-master/assets/javascripts/aqpb-view.js?ver=1606698329]
  • /** Tabs & Toggles -------------------------------*/[http://www.alatharnews.com/wp-content/themes/nanomag/inc/addon/aqua-page-builder-master/assets/javascripts/aqpb-view.js?ver=1606698329]
  • /*! This file is auto-generated */[http://www.alatharnews.com/wp-includes/js/comment-reply.min.js?ver=5.5.3]
  • /* * Polyfill for Internet Explorer * See https://developer.mozilla.org/en-US/docs/Web/API/CustomEvent/CustomEvent */[http://www.alatharnews.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3]
  • /* * Pause jQuery plugin v0.1 * * Copyright 2010 by Tobia Conforto <tobia.conforto@gmail.com> * * Based on Pause-resume-animation jQuery plugin by Joe Weitzel * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or(at your option) * any later version. * * This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * more details. * * You should have received a copy of the GNU General Public License along with * this program; if not, write to the Free Software Foundation, Inc., 51 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */[http://www.alatharnews.com/wp-content/themes/nanomag/js/marquee.js?ver=1.4]
  • /* * Superfish v1.7.3 - jQuery menu widget * Copyright (c) 2013 Joel Birch * * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu.org/licenses/gpl.html */[http://www.alatharnews.com/wp-content/themes/nanomag/js/superfish.js?ver=1.4]
  • /* * jQuery OwlCarousel v1.31 * * Copyright (c) 2013 Bartosz Wojciechowski * http://www.owlgraphic.com/owlcarousel/ * * Licensed under MIT * */[http://www.alatharnews.com/wp-content/themes/nanomag/js/owl.carousel.js?ver=1.4]
  • /* * jQuery pageSlide * Version 2.0 * http://srobbin.com/jquery-pageslide/ * * jQuery Javascript plugin which slides a webpage over to reveal an additional interaction pane. * * Copyright (c) 2011 Scott Robbin (srobbin.com) * Dual licensed under the MIT and GPL licenses.*/[http://www.alatharnews.com/wp-content/themes/nanomag/js/jquery.pageslide.min.js?ver=1.4]
  • /*!* MediaElement.js* HTML5 <video> and <audio> shim and player* http://mediaelementjs.com/** Creates a JavaScript object that mimics HTML5 MediaElement API* for browsers that don't understand HTML5 or can't play the provided codec* Can play MP4 (H.264), Ogg, WebM, FLV, WMV, WMA, ACC, and MP3** Copyright 2010-2013, John Dyer (http://j.hn)* License: MIT**/[http://www.alatharnews.com/wp-content/themes/nanomag/js/mediaelement-and-player.min.js?ver=1.4]
  • /*! * MediaElementPlayer * http://mediaelementjs.com/ * * Creates a controller bar for HTML5 <video> add <audio> tags * using jQuery and MediaElement.js (HTML5 Flash/Silverlight wrapper) * * Copyright 2010-2013, John Dyer (http://j.hn/) * License: MIT * */[http://www.alatharnews.com/wp-content/themes/nanomag/js/mediaelement-and-player.min.js?ver=1.4]
  • /*! Fluidvids v2.2.0 | (c) 2014 @toddmotto | github.com/toddmotto/fluidvids */[http://www.alatharnews.com/wp-content/themes/nanomag/js/fluidvids.js?ver=1.4]
  • /* jQuery Waypoints - v2.0.4 Copyright (c) 2011-2014 Caleb Troughton Dual licensed under the MIT license and GPL license. https://github.com/imakewebthings/jquery-waypoints/blob/master/licenses.txt */[http://www.alatharnews.com/wp-content/themes/nanomag/js/waypoints.min.js?ver=1.4]
  • /*! Copyright (c) 2011 Piotr Rochala (http://rocha.la) * Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) * and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses. * * Version: 1.3.0 * */[http://www.alatharnews.com/wp-content/themes/nanomag/js/jquery.slimscroll.min.js?ver=1.4]
  • /*!jQuery Knob*/[http://www.alatharnews.com/wp-content/themes/nanomag/js/jquery.knob.js?ver=1.4]
  • /** * Downward compatible, touchable dial * * Version: 1.2.11 * Requires: jQuery v1.7+ * * Copyright (c) 2012 Anthony Terrien * Under MIT License (http://www.opensource.org/licenses/mit-license.php) * * Thanks to vor, eskimoblood, spiffistan, FabrizioC */[http://www.alatharnews.com/wp-content/themes/nanomag/js/jquery.knob.js?ver=1.4]
  • /** * Kontrol library */[http://www.alatharnews.com/wp-content/themes/nanomag/js/jquery.knob.js?ver=1.4]
  • /** * Definition of globals and core */[http://www.alatharnews.com/wp-content/themes/nanomag/js/jquery.knob.js?ver=1.4]
  • /** * Kontrol Object * * Definition of an abstract UI control * * Each concrete component must call this one. * <code> * k.o.call(this); * </code> */[http://www.alatharnews.com/wp-content/themes/nanomag/js/jquery.knob.js?ver=1.4]
  • /** * k.Dial */[http://www.alatharnews.com/wp-content/themes/nanomag/js/jquery.knob.js?ver=1.4]
  • /** * BxSlider v4.1.2 - Fully loaded, responsive content slider * http://bxslider.com * * Copyright 2014, Steven Wanderski - http://stevenwanderski.com - http://bxcreative.com * Written while drinking Belgian ales and listening to jazz * * Released under the MIT license - http://opensource.org/licenses/MIT */[http://www.alatharnews.com/wp-content/themes/nanomag/js/jquery.bxslider.min.js?ver=1.4]
  • /*! This file is auto-generated */[http://www.alatharnews.com/wp-includes/js/wp-embed.min.js?ver=5.5.3]
Enabled Debugging
The JavaScript debugging functions should always be removed after the development stage, because they could expose information on the inner workings of the code. In production, they are a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log(b)}return!1}$.fn.carouFredSel||($.fn.caroufredsel=$.fn.carouFredSel=function(options,configs){if(0==this.length)return debug(!0,'No element found for "'+this.selector+'".'),this;if(this.length>1)return this.each(function(){$(this).carouFredSel(options,configs)});[http://www.alatharnews.com/wp-content/plugins/carousel-horizontal-posts-content-slider/assets/js/caroufredsel/jquery.carouFredSel-6.2.1-packed.js?ver=5.5.3]
  • console.log("swipeRight");[http://www.alatharnews.com/wp-content/plugins/carousel-horizontal-posts-content-slider/assets/js/script.js?ver=5.5.3]
  • console.log("media clicked",c.media,c.media.paused);[http://www.alatharnews.com/wp-content/themes/nanomag/js/mediaelement-and-player.min.js?ver=1.4]
  • console.log("showing existing slide");[http://www.alatharnews.com/wp-content/themes/nanomag/js/mediaelement-and-player.min.js?ver=1.4]
  • console.log((Array.prototype.slice.call(arguments)).toString())}else{console.log(Array.prototype.slice.call(arguments))}}else{if(!Function.prototype.bind&&typeof console!=="undefined"&&typeof console.log==="object"){Function.prototype.call.call(console.log,console,Array.prototype.slice.call(arguments))}}},_determinepath:function A(E){var D=this.options;if(!!D.behavior&&this["_determinepath_"+D.behavior]!==k){return this["_determinepath_"+D.behavior].call(this,E)}if(!!D.pathParse){this._debug("pathParse manual");[http://www.alatharnews.com/wp-content/themes/nanomag/js/jquery.infinitescroll.min.js?ver=1.4]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. Instead of using these functions, create HTML elements by script and add them to the DOM object.
  • eval("opts."+a);[http://www.alatharnews.com/wp-content/plugins/carousel-horizontal-posts-content-slider/assets/js/caroufredsel/jquery.carouFredSel-6.2.1-packed.js?ver=5.5.3]
  • eval("opts."+a);[http://www.alatharnews.com/wp-content/plugins/carousel-horizontal-posts-content-slider/assets/js/caroufredsel/jquery.carouFredSel-6.2.1-packed.js?ver=5.5.3]
  • eval("opts_orig."+a+" = b"),c!==!1?reInit=!0:eval("opts."+a+" = b")}if(reInit){sz_resetMargin($cfs.children(),opts),FN._init(opts_orig),FN._bind_buttons();[http://www.alatharnews.com/wp-content/plugins/carousel-horizontal-posts-content-slider/assets/js/caroufredsel/jquery.carouFredSel-6.2.1-packed.js?ver=5.5.3]
  • document.write(spanContent);[http://www.alatharnews.com/wp-content/plugins/fikraticker/js/jquery.newsticker-rtl.js?ver=5.5.3]
Additional Information
Link Opener
The noopener attribute, as in window.open("https://example.com/", "_blank", "noopener");, should always be added to window.open() calls that open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise JavaScript on the new page has full control over the previously visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The noreferrer attribute, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be added to the window.open() function to prevent reverse tabnabbing in older browsers that do not support the noopener attribute, and to prevent phishing attacks.
Scanned URL(s)
A girl from Mosul reunites with her family after three years under the darkness of ISIS | Al-Athar News