Security Report Summary
E
Site:
Scanned Site(s): 1
IP Address: 34.93.72.27
Report Time: 22 Oct 2020 01:32:14 UTC
Checks: Window Referrer, Window Opener, Comments, Enabled Debugging, Unsafe Functions
Warning: Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open(redirect_url);[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/efapgydy/4i449.js]
  • window.open(redirect_url);[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/efapgydy/4i449.js]
  • window.open($this_map_container.data("map"),marker)})}})}},window.et_load_event_fired?et_pb_init_maps():"undefined"!=typeof google&&void 0!==google.maps&&google.maps.event.addDomListener(window,"load",function(){et_pb_init_maps()})),$et_pb_shop.length&&$et_pb_shop.each(function(){var $this_el=$(this),icon=$this_el.data("icon")||"";if(""===icon)return!0;$this_el.find(".et_overlay").attr("data-icon",icon).addClass("et_pb_inline_icon")}),$et_pb_background_layout_hoverable.each(function(){var $this_el=$(this),background_layout=$this_el.data("background-layout"),background_layout_hover=$this_el.data("background-layout-hover");[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/21nese8o/4i449.js]
  • window.open("https://feedburner.google.com/fb/a/mailverify?uri="+$feed_name,"et-feedburner-subscribe","scrollbars=yes,width=550,height=520"),!0;var $newsletter_container=$submit.closest(".et_pb_newsletter"),$name=$newsletter_container.find('input[name="et_pb_signup_firstname"]'),$lastname=$newsletter_container.find('input[name="et_pb_signup_lastname"]'),$email=$newsletter_container.find('input[name="et_pb_signup_email"]'),list_id=$newsletter_container.find('input[name="et_pb_signup_list_id"]').val(),$error_message=$newsletter_container.find(".et_pb_newsletter_error").hide(),provider=$newsletter_container.find('input[name="et_pb_signup_provider"]').val(),account=$newsletter_container.find('input[name="et_pb_signup_account_name"]').val(),ip_address=$newsletter_container.find('input[name="et_pb_signup_ip_address"]').val(),$fields_container=$newsletter_container.find(".et_pb_newsletter_fields"),$success_message=$newsletter_container.find(".et_pb_newsletter_success"),redirect_url=$newsletter_container.data("redirect_url"),redirect_query=$newsletter_container.data("redirect_query"),custom_fields={},hidden_fields=[],et_message="<ul>",et_fields_message="",$custom_fields=$fields_container.find('input[type=text], .et_pb_checkbox_handle, .et_pb_contact_field[data-type="radio"], textarea, select').filter(".et_pb_signup_custom_field, .et_pb_signup_custom_field *");[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/21nese8o/4i449.js]
  • window.open(link_option_entry.url);[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/21nese8o/4i449.js]
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insights into the inner structure of the program. Using this information, the attacker could more easily understand how the user session is handled by JavaScript or figure out the path by which data is sent to the server.
  • /* PLEASE DO NOT COPY AND PASTE THIS CODE. */[https://www.google.com/recaptcha/api.js?onload=cf7srLoadCallback&render=explicit]
  • /**`Promise.resolve` returns a promise that will become resolved with thepassed `value`. It is shorthand for the following:```javascriptlet promise=new Promise(function(resolve, reject){resolve(1);});promise.then(function(value){});```Instead of writing the above, your code now simply becomes the following:```javascriptlet promise=Promise.resolve(1);promise.then(function(value){});```@method resolve@static@param {Any} value value that the returned promise will be resolved withUseful for tooling.@return {Promise} a promise that will become fulfilled with the given`value`*/[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/6m7iyjx5/4i449.js]
  • /**`Promise.all` accepts an array of promises, and returns a new promise whichis fulfilled with an array of fulfillment values for the passed promises, orrejected with the reason of the first passed promise to be rejected. It casts allelements of the passed iterable to promises as it runs this algorithm.Example:```javascriptlet promise1=resolve(1);let promise2=resolve(2);let promise3=resolve(3);let promises=[ promise1, promise2, promise3 ];Promise.all(promises).then(function(array){});```If any of the `promises` given to `all` are rejected, the first promisethat is rejected will be given as an argument to the returned promises'srejection handler. For example:Example:```javascriptlet promise1=resolve(1);let promise2=reject(new Error("2"));let promise3=reject(new Error("3"));let promises=[ promise1, promise2, promise3 ];Promise.all(promises).then(function(array){}, function(error){});```@method all@static@param {Array} entries array of promises@param {String} label optional string for labeling the promise.Useful for tooling.@return {Promise} promise that is fulfilled when all `promises` have beenfulfilled, or rejected if any of them become rejected.@static*/[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/6m7iyjx5/4i449.js]
  • /**`Promise.race` returns a new promise which is settled in the same way as thefirst passed promise to settle.Example:```javascriptlet promise1=new Promise(function(resolve, reject){setTimeout(function(){resolve('promise 1');}, 200);});let promise2=new Promise(function(resolve, reject){setTimeout(function(){resolve('promise 2');}, 100);});Promise.race([promise1, promise2]).then(function(result){});````Promise.race` is deterministic in that only the state of the firstsettled promise matters. For example, even if other promises given to the`promises` array argument are resolved, but the first settled promise hasbecome rejected before the other promises became fulfilled, the returnedpromise will become rejected:```javascriptlet promise1=new Promise(function(resolve, reject){setTimeout(function(){resolve('promise 1');}, 200);});let promise2=new Promise(function(resolve, reject){setTimeout(function(){reject(new Error('promise 2'));}, 100);});Promise.race([promise1, promise2]).then(function(result){}, function(reason){});```An example real-world use case is implementing timeouts:```javascriptPromise.race([ajax('foo.json'), timeout(5000)])```@method race@static@param {Array} promises array of promises to observeUseful for tooling.@return {Promise} a promise which settles in the same way as the first passedpromise to settle.*/[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/6m7iyjx5/4i449.js]
  • /**`Promise.reject` returns a promise rejected with the passed `reason`.It is shorthand for the following:```javascriptlet promise=new Promise(function(resolve, reject){reject(new Error('WHOOPS'));});promise.then(function(value){}, function(reason){});```Instead of writing the above, your code now simply becomes the following:```javascriptlet promise=Promise.reject(new Error('WHOOPS'));promise.then(function(value){}, function(reason){});```@method reject@static@param {Any} reason value that the returned promise will be rejected with.Useful for tooling.@return {Promise} a promise rejected with the given `reason`.*/[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/6m7iyjx5/4i449.js]
  • /**Promise objects represent the eventual result of an asynchronous operation. Theprimary way of interacting with a promise is through its `then` method, whichregisters callbacks to receive either a promise's eventual value or the reasonwhy the promise cannot be fulfilled.Terminology------------ `promise` is an object or function with a `then` method whose behavior conforms to this specification.- `thenable` is an object or function that defines a `then` method.- `value` is any legal JavaScript value (including undefined, a thenable, or a promise).- `exception` is a value that is thrown using the throw statement.- `reason` is a value that indicates why a promise was rejected.- `settled` the final resting state of a promise, fulfilled or rejected.A promise can be in one of three states: pending, fulfilled, or rejected.Promises that are fulfilled have a fulfillment value and are in the fulfilledstate. Promises that are rejected have a rejection reason and are in therejected state. A fulfillment value is never a thenable.Promises can also be said to *resolve* a value. If this value is also apromise, then the original promise's settled state will match the value'ssettled state. 
So a promise that *resolves* a promise that rejects willitself reject, and a promise that *resolves* a promise that fulfills willitself fulfill.Basic Usage:------------```jslet promise=new Promise(function(resolve, reject){resolve(value);reject(reason);});promise.then(function(value){}, function(reason){});```Advanced Usage:---------------Promises shine when abstracting away asynchronous interactions such as`XMLHttpRequest`s.```jsfunction getJSON(url){return new Promise(function(resolve, reject){let xhr=new XMLHttpRequest();xhr.open('GET', url);xhr.onreadystatechange=handler;xhr.responseType='json';xhr.setRequestHeader('Accept', 'application/json');xhr.send();function handler(){if(this.readyState===this.DONE){if(this.status===200){resolve(this.response);}else{reject(new Error('getJSON: `' + url + '` failed with status: [' + this.status + ']'));}}};});}getJSON('/posts.json').then(function(json){}, function(reason){});```Unlike callbacks, promises are great composable primitives.```jsPromise.all([getJSON('/posts'),getJSON('/comments')]).then(function(values){values[0]values[1]return values;});```@class Promise@param {function} resolverUseful for tooling.@constructor*/[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/6m7iyjx5/4i449.js]
  • /**The primary way of interacting with a promise is through its `then` method,which registers callbacks to receive either a promise's eventual value or thereason why the promise cannot be fulfilled.```jsfindUser().then(function(user){}, function(reason){});```Chaining--------The return value of `then` is itself a promise. This second, 'downstream'promise is resolved with the return value of the first promise's fulfillmentor rejection handler, or rejected if the handler throws an exception.```jsfindUser().then(function (user){return user.name;}, function (reason){return 'default name';}).then(function (userName){});findUser().then(function (user){throw new Error('Found user, but still unhappy');}, function (reason){throw new Error('`findUser` rejected and we're unhappy');}).then(function (value){}, function (reason){});```If the downstream promise does not specify a rejection handler, rejection reasons will be propagated further downstream.```jsfindUser().then(function (user){throw new PedagogicalException('Upstream error');}).then(function (value){}).then(function (value){}, function (reason){});```Assimilation------------Sometimes the value you want to propagate to a downstream promise can only beretrieved asynchronously. This can be achieved by returning a promise in thefulfillment or rejection handler. The downstream promise will then be pendinguntil the returned promise is settled. 
This is called *assimilation*.```jsfindUser().then(function (user){return findCommentsByAuthor(user);}).then(function (comments){});```If the assimliated promise rejects, then the downstream promise will also reject.```jsfindUser().then(function (user){return findCommentsByAuthor(user);}).then(function (comments){}, function (reason){});```Simple Example--------------Synchronous Example```javascriptlet result;try {result=findResult();} catch(reason){}```Errback Example```jsfindResult(function(result, err){if(err){}else{}});```Promise Example;```javascriptfindResult().then(function(result){}, function(reason){});```Advanced Example--------------Synchronous Example```javascriptlet author, books;try {author=findAuthor();books=findBooksByAuthor(author);} catch(reason){}```Errback Example```jsfunction foundBooks(books){}function failure(reason){}findAuthor(function(author, err){if(err){failure(err);}else{try {findBoooksByAuthor(author, function(books, err){if(err){failure(err);}else{try {foundBooks(books);} catch(reason){failure(reason);}}});} catch(error){failure(err);}}});```Promise Example;```javascriptfindAuthor().then(findBooksByAuthor).then(function(books){}).catch(function(reason){});```@method then@param {Function} onFulfilled@param {Function} onRejectedUseful for tooling.@return {Promise}*/[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/6m7iyjx5/4i449.js]
  • /**`catch` is simply sugar for `then(undefined, onRejection)` which makes it the sameas the catch block of a try/catch statement.```jsfunction findAuthor(){throw new Error('couldn't find that author');}try {findAuthor();} catch(reason){}findAuthor().catch(function(reason){});```@method catch@param {Function} onRejectionUseful for tooling.@return {Promise}*/[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/6m7iyjx5/4i449.js]
  • /*$(window).scroll(function(event){event.preventDefault();if($(window).scrollTop() >=80){$("#header_fixedinner").addClass("fixed");$("#main-header").addClass("et-fixed-header");}else{$("#header_fixedinner").removeClass("fixed");$("#main-header").removeClass("et-fixed-header");}});*/[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/9mfplv3v/4i449.js]
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they could expose information about the inner workings of the code. In production, they are a loophole and could show a possible attacker where to find potentially exploitable vulnerabilities or interesting variables.
  • console.log(error);[https://www.yashodahospitals.com/]
  • console.log("==>",e);[https://www.yashodahospitals.com/]
  • console.log("number",number);[https://www.yashodahospitals.com/]
  • console.log("number",number);[https://www.yashodahospitals.com/]
  • console.log(i)}},s.updateMeasurements=function(){this.windowHeight=t.innerHeight;var e=this.element.getBoundingClientRect();[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/fau2wc6/4i449.js]
  • console.log("Js blocked.");[https://cdnt.netcoresmartech.com/smartechclient.js]
  • console.log("Exception occurred when checking element "+b.id+", check the '"+e.method+"' method.",k),k instanceof TypeError&&(k.message+=". Exception occurred when checking element "+b.id+", check the '"+e.method+"' method."),k}}if(!i)return this.objectLength(g)&&this.successList.push(b),!0},customDataMessage:function(b,c){return a(b).data("msg"+c.charAt(0).toUpperCase()+c.substring(1).toLowerCase())||a(b).data("msg")},customMessage:function(a,b){var c=this.settings.messages[a];return c&&(c.constructor===String?c:c[b])},findDefined:function(){for(var a=0;a<arguments.length;a++)if(void 0!==arguments[a])return arguments[a]},defaultMessage:function(b,c){"string"==typeof c&&(c={method:c});[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/lavfs9ht/4i449.js]
  • console.log("hi"),a.prototype=window.Event.prototype,void(window.CustomEvent=a))}();[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/9mfplv3v/4i449.js]
  • console.log("Selector not present"):(e.setDataRow(),f.click(function(){var b=a(this);[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/9mfplv3v/4i449.js]
  • console.log(this_val);[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/9mfplv3v/4i449.js]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. Instead of using these functions, create HTML elements by script and add them to the DOM object.
  • eval(form.after_sent_script);[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/efapgydy/4i449.js]
  • eval(mymapUserCallback)}($mapLoadedPosts,this.url)}})},mapPaginatorTotalCount=function(a){var t=0;for(var n in malinkySettings)$(a).find(malinkySettings[n].posts_wrapper).length&&$(a).find(malinkySettings[n].post_wrapper).length&&$(a).find(malinkySettings[n].pagination_wrapper).length&&t++;return t},mapAddPaginatorCount=function(a,t){var n=1;for(var o in malinkySettings)$(a).find(malinkySettings[o].posts_wrapper).length&&$(a).find(malinkySettings[o].post_wrapper).length&&$(a).find(malinkySettings[o].pagination_wrapper).length&&(1==t?($(a).find(malinkySettings[o].posts_wrapper).attr("data-paginator-count",n),$(a).find(malinkySettings[o].pagination_wrapper).attr("data-paginator-count",n)):($(a).find(malinkySettings[o].posts_wrapper).attr("data-paginator-count",n),$(a).find(malinkySettings[o].posts_wrapper+" "+malinkySettings[o].pagination_wrapper).attr("data-paginator-count",n),$(a).find(malinkySettings[o].posts_wrapper+" "+malinkySettings[o].next_page_selector).attr("data-paginator-count",n),n++))},mapIsLastPage=function(a,t){return $(a).find(t).length},mapAddLoader=function(){$(mymapPaginationClass+'[data-paginator-count="'+mymapPaginatorCount+'"]').last().before('<div class="malinky-ajax-pagination-loading" 
data-paginator-count="'+mymapPaginatorCount+'">'+mymapAjaxLoader+"</div>")},mapLoading=function(){$('.malinky-ajax-pagination-loading[data-paginator-count="'+mymapPaginatorCount+'"]').show(),"load-more"!=mymapPagingType&&"infinite-scroll"!=mymapPagingType||$('#malinky-ajax-pagination-button[data-paginator-count="'+mymapPaginatorCount+'"]').text(mymapLoadingMorePostsText)},mapLoaded=function(){$('.malinky-ajax-pagination-loading[data-paginator-count="'+mymapPaginatorCount+'"]').hide(),"load-more"!=mymapPagingType&&"infinite-scroll"!=mymapPagingType||$('#malinky-ajax-pagination-button[data-paginator-count="'+mymapPaginatorCount+'"]').text(mymapLoadMoreButtonText),clearTimeout(mymapLoadingTimer)},mapFailed=function(){$('.malinky-ajax-pagination-loading[data-paginator-count="'+mymapPaginatorCount+'"]').hide(),clearTimeout(mymapLoadingTimer)},mapInfiniteScroll=debounce(function(){if(!infiniteScrollRunning){var a=($(document).height()-$(window).scrollTop()-$(window).height(),$(mymapPostsWrapperClass+'[data-paginator-count="'+mymapPaginatorCount+'"]').offset().top),t=$(mymapPostsWrapperClass+'[data-paginator-count="'+mymapPaginatorCount+'"]').outerHeight();[https://cdn.yashodahospitals.com/wp-content/cache/wpfc-minified/9mfplv3v/4i449.js]
Additional Information
Link Opener
The noopener attribute, as in window.open("https://example.com/", "_blank", "noopener");, should always be added to the window.open() function, which opens a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise JavaScript on the new page has full control over the previously visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The noreferrer attribute, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be added to the window.open() function to prevent reverse tabnabbing in older browsers, which do not support the noopener attribute, and to prevent phishing attacks.
Scanned URL(s)
Best Hospital in Hyderabad | Multi Speciality Hospitals In India | Yashoda Hospitals