Security Report Summary
E
Site:
Scanned Site(s): 1
IP Address: 72.21.8.22
Report Time: 30 Sep 2020 03:02:50 UTC
Checks: Window Referrer, Window Opener, Comments, Enabled Debugging, Unsafe Functions
Warning:
Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open(url);[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insight into the inner structure of the program. Using this information, the attacker could more easily understand how the user session is handled by JavaScript or figure out the path by which data is sent to the server.
  • /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/[https://www.googletagmanager.com/gtag/js?id=AW-658453811]
  • /* jQuery v1.9.1 (c) 2005, 2012 jQuery Foundation, Inc. jquery.org/license. */[https://www.googletagmanager.com/gtag/js?id=AW-658453811]
  • /* Copyright (c) 2014 Derek Brans, MIT license https://github.com/krux/postscribe/blob/master/LICENSE. Portions derived from simplehtmlparser, which is licensed under the Apache License, Version 2.0 */[https://www.googletagmanager.com/gtag/js?id=AW-658453811]
  • /*! jQuery v1.9.0 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license */[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • /*! * jQuery Form Plugin * version: 3.51.0-2014.06.20 * Requires jQuery v1.5 or later * Copyright (c) 2014 M. Alsup * Examples and documentation at: http://malsup.com/jquery/form/ * Project repository: https://github.com/malsup/form * Dual licensed under the MIT and GPL licenses. * https://github.com/malsup/form#copyright-and-license */[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • /*! jQuery Validation Plugin - v1.12.0 - 4/1/2014 * http://jqueryvalidation.org/ * Copyright (c) 2014 Jörn Zaefferer; Licensed MIT */[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • /** * Figure out if we should show the popup (if they've closed it before, don't show it.) */[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • /** * Grab the list subscribe url from the form action and make it work for an ajax post. */[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • /** * Classify text inputs in the same field group as group for validation purposes. * All this does is tell jQueryValidation to create one error div for the group, rather * than one for each input. Primary use case is birthday and date fields, where we want * to display errors about the inputs collectively, not individually. * * NOTE: Grouping inputs will give you one error div, but you still need to specify where * that div should be displayed. By default, it's inserted after the first input with a * validation error, which can break up a set of inputs. Use the errorPlacement setting in * the validator to control error div placement. */[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • /** * Check if a field is part of a multipart field * (e.g., A date merge field is composed of individual inputs for month, day and year) * Used in jQuery validation onkeyup method to ensure that we don't evaluate a field * if a user hasn't reached the last input in a multipart field yet. */[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • /** * Checks if the element is the last input in its fieldgroup. * If the field is not the last in a set of inputs we don't want to validate it on certain events (onfocusout, onblur) * because the user might not be finished yet. */[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • /** * Handle the error/success message after successful form submission. * Success messages are appended to #mce-success-response * Error messages are displayed with the invalid input when possible, or appended to #mce-error-response */[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • /*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */[https://www.growproslawncare.com/files/template/base-resources.js]
  • /* jQuery Easing v1.3 - http://gsgd.co.uk/sandbox/jquery/easing/ */[https://www.growproslawncare.com/files/template/base-resources.js]
  • /* jquery.transit.js */[https://www.growproslawncare.com/files/template/base-resources.js]
  • /** jquery-match-height master by @liabru* http://brm.io/jquery-match-height/* License: MIT*/[https://www.growproslawncare.com/files/template/base-resources.js]
  • /* CORE.JS */[https://www.growproslawncare.com/files/template/base-resources.js]
  • /*! Magnific Popup - v1.1.0 - 2016-02-20* http://dimsemenov.com/plugins/magnific-popup/* Copyright (c) 2016 Dmitry Semenov; */[https://www.growproslawncare.com/files/template/base-resources.js]
  • /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/[https://www.googletagmanager.com/gtag/js?id=UA-136526722-31]
  • /* jQuery v1.9.1 (c) 2005, 2012 jQuery Foundation, Inc. jquery.org/license. */[https://www.googletagmanager.com/gtag/js?id=UA-136526722-31]
  • /* Copyright (c) 2014 Derek Brans, MIT license https://github.com/krux/postscribe/blob/master/LICENSE. Portions derived from simplehtmlparser, which is licensed under the Apache License, Version 2.0 */[https://www.googletagmanager.com/gtag/js?id=UA-136526722-31]
  • /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/[https://maps.googleapis.com/maps/api/js?key=AIzaSyDmaIPqVr0AQw_ekZxytujKIal93PVkCnY&libraries=places&callback=InitAutocomplete]
  • /* Copyright 2013 Google LLC. SPDX-License-Identifier: Apache-2.0*/[https://maps.googleapis.com/maps/api/js?key=AIzaSyDmaIPqVr0AQw_ekZxytujKIal93PVkCnY&libraries=places&callback=InitAutocomplete]
  • /* Copyright 2011 Google LLC. SPDX-License-Identifier: Apache-2.0*/[https://maps.googleapis.com/maps/api/js?key=AIzaSyDmaIPqVr0AQw_ekZxytujKIal93PVkCnY&libraries=places&callback=InitAutocomplete]
  • /* Copyright 2008 Google LLC. SPDX-License-Identifier: Apache-2.0*/[https://maps.googleapis.com/maps/api/js?key=AIzaSyDmaIPqVr0AQw_ekZxytujKIal93PVkCnY&libraries=places&callback=InitAutocomplete]
  • /*Math.uuid.js (v1.4)http://www.broofa.commailto:robert@broofa.comCopyright (c) 2010 Robert KiefferDual licensed under the MIT and GPL licenses.*/[https://maps.googleapis.com/maps/api/js?key=AIzaSyDmaIPqVr0AQw_ekZxytujKIal93PVkCnY&libraries=places&callback=InitAutocomplete]
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they could expose information on the inner workings of the code. In production, they are a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log(t):window.opera&&window.opera.postError&&window.opera.postError(t)}}var n={};n.fileapi=void 0!==e("<input type='file'/>").get(0).files,n.formdata=void 0!==window.FormData;var i=!!e.fn.prop;e.fn.attr2=function(){if(!i)return this.attr.apply(this,arguments);[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • console.log("Exception occurred when checking element "+b.id+", check the '"+e.method+"' method.",j),j}}if(!h)return this.objectLength(f)&&this.successList.push(b),!0},customDataMessage:function(b,c){return a(b).data("msg"+c[0].toUpperCase()+c.substring(1).toLowerCase())||a(b).data("msg")},customMessage:function(a,b){var c=this.settings.messages[a];return c&&(c.constructor===String?c:c[b])},findDefined:function(){for(var a=0;a<arguments.length;a++)if(void 0!==arguments[a])return arguments[a];return void 0},defaultMessage:function(b,c){return this.findDefined(this.customMessage(b.name,c),this.customDataMessage(b,c),!this.settings.ignoreTitle&&b.title||void 0,a.validator.messages[c],"<strong>Warning: No message defined for "+b.name+"</strong>")},formatAndAdd:function(b,c){var d=this.defaultMessage(b,c.method),e=/\$?\{(\d+)\}/g;"function"==typeof d?d=d.call(this,c.parameters,b):e.test(d)&&(d=a.validator.format(d.replace(e,"{$1}"),c.parameters)),this.errorList.push({message:d,element:b,method:c.method}),this.errorMap[b.name]=d,this.submitted[b.name]=d},addWrapper:function(a){return this.settings.wrapper&&(a=a.add(a.parent(this.settings.wrapper))),a},defaultShowErrors:function(){var a,b,c;for(a=0;this.errorList[a];a++)c=this.errorList[a],this.settings.highlight&&this.settings.highlight.call(this,c.element,this.settings.errorClass,this.settings.validClass),this.showLabel(c.element,c.message);[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • console.log($fields.eq(0));[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
  • console.log('=------------------------------\r\n\r\nHTML:' + $(this).html().trim());[https://www.growproslawncare.com/files/template/template.js]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script and add them to the DOM.
  • eval("("+e+")")},_=function(t,r,a){var n=t.getResponseHeader("content-type")||"",i="xml"===r||!r&&n.indexOf("xml")>=0,o=i?t.responseXML:t.responseText;return i&&"parsererror"===o.documentElement.nodeName&&e.error&&e.error("parsererror"),a&&a.dataFilter&&(o=a.dataFilter(o,r)),"string"==typeof o&&("json"===r||!r&&n.indexOf("json")>=0?o=C(o):("script"===r||!r&&n.indexOf("javascript")>=0)&&e.globalEval(o)),o};return S}if(!this.length)return a("ajaxSubmit: skipping submit process - no element selected"),this;var u,c,l,f=this;"function"==typeof t?t={success:t}:void 0===t&&(t={}),u=t.type||this.attr2("method"),c=t.url||this.attr2("action"),l="string"==typeof c?e.trim(c):"",l=l||window.location.href||"",l&&(l=(l.match(/^([^#]+)/)||[])[1]),t=e.extend(!0,{url:l,success:e.ajaxSettings.success,type:u||e.ajaxSettings.type,iframeSrc:/^https/i.test(window.location.href||"")?"javascript:false":"about:blank"},t);[https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js]
Additional Information
Link Opener
The noopener attribute, as in window.open("https://example.com/", "_blank", "noopener");, should always be added to the window.open() function, which opens a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise JavaScript on the new page has full control over the previously visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The noreferrer attribute, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be added to the window.open() function to prevent reverse tabnabbing in older browsers, which do not support the noopener attribute, and to prevent phishing attacks.
Scanned URL(s)
Lawn Care & Landscaping Services | Elkhart, Granger, & South Bend, IN | Grow Pros Lawn Care, LLC