Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test encrypted Terminus session #378

Closed
wants to merge 142 commits into from
Closed

Test encrypted Terminus session #378

wants to merge 142 commits into from

Conversation

kyletaylored
Copy link

No description provided.

@kyletaylored
Create upstream_sync.yml
10e2ab9
@kyletaylored
Remove config option
a8fc749
@kyletaylored
Update cron to 15 minutes
9691ec4
@kyletaylored
Test rebase
f208f13
@kyletaylored
Use git protocol
d08edf1
@kyletaylored
Remove --all
62ad199
@kyletaylored
Use HTTPS git
bd1a2fd
@kyletaylored
Track master
4b1a675
@kyletaylored
Update upstream_sync.yml
2164f93
@kyletaylored
Schedule cron on Sundays
b0b6c52
@kyletaylored
Add Pantheon plugins
02c9418 
- BlogVault
- Advanced Page Cache
- HUD
- Solr
- PHP Native Sessions
- Redis
@kyletaylored
Adding sitebuilding plugins
0a9fc9d 
- ACF
- CF7
- Custom Post UI
- Elementor
@kyletaylored
Adding dev plugins
702221e
@kyletaylored
Adding Google Site Kit (and dev)
e8ff5fe
@kyletaylored
Adding Lando config
9dea34f
@kyletaylored
Remove unused themes
de50b15
@kyletaylored
Remove Fastly and Lockr
f1a04de
@kyletaylored
Added Sitekit local config
c7fddd0
@kyletaylored
Add Page Cache TTL to WP CFM
a6f1c6e
@kyletaylored
Add test / live TTL
b1ea879
@kyletaylored
Update upstream_sync.yml
4d9a14e 
Add global email/name
@kyletaylored
Update readme.html
d662b46
@kyletaylored
Break down workflow steps
5aa74b7
@kyletaylored
Create upstream_sync.yml
21e9b77
@kyletaylored
Remove config option
f428da6
@kyletaylored
Update cron to 15 minutes
bd1a295
@kyletaylored
Test rebase
72660d9
@kyletaylored
Use git protocol
b444ea1
@kyletaylored
Remove --all
84a2332
@kyletaylored
Use HTTPS git
7ee9904
Kyle Taylor and others added 26 commits September 27, 2023 03:29
Update checkout action
b3a1b36
Add deployment workflow
7ae2b14
Merge branch 'master' into DEV-35
c4bdb86
@kyletaylored
Merge pull request #2 from the-scranton-branch/DEV-35
0f0c5d0 
DEV-35 - Update lando config
Run deploy when pushing to master (for now)
7cda9f3
Merge branch 'master' of github.com:the-scranton-branch/Scranton-Word…
1175b11 
…Press
Try heredoc
90c713c
Concat names by comma
0e62b15
Fix trailing, add brackets
6ba2589
Try JSON
3e05f0f
Try JSON
545f7a5 
Was: Merged master into master
Don't fail everyone
52e9391
Don't fail everyone
c332fcb 
Was: Merged master into master
Remove quiet to see output
47cc857
Remove quiet to see output
3d77680 
Was: Merged master into master
@kyletaylored
Disable index on lando config
72dcc94
Add fetch for repo
6904372
Add fetch for repo
1573448 
Was: Merged master into master
Assume upstream, add badge
131e125
Merge branch 'master' into DEV-36
563f1d7
Ensure setting to git mode
0f55bee
@kyletaylored
Merge pull request #3 from the-scranton-branch/DEV-36
ec7f3cf 
Disable index on lando config
Merge pull request #3 from the-scranton-branch/DEV-36
1a37523 
Disable index on lando config

Was: Merged master into master
Update PHP Native Sessions
2207e56
Merge branch 'master' of github.com:pantheon-systems/WordPress
64d47ca
Test new Terminus GHA
52d0e62
@kyletaylored kyletaylored deleted the encr-session branch March 7, 2024 22:00
@kyletaylored kyletaylored restored the encr-session branch March 7, 2024 22:00
@guardrails GuardRails
Copy link

guardrails bot commented Mar 7, 2024

⚠️ We detected 78 security issues in this pull request:

Hard-Coded Secrets (9)
Severity Details Docs
Medium Title: Hex High Entropy String

WordPress/wp-content/plugins/distributor/composer.json

Line 22 in 52d0e62

"reference":"0eef095b4dc984c26ee8149c01a323be83da715a"
📚
Medium Title: Secret Keyword

WordPress/wp-content/plugins/distributor/includes/classes/Authentications/WordPressDotcomOauth2Authentication.php

Line 42 in 52d0e62

const API_CLIENT_SECRET = 'rest_api_client_secret';
📚
Medium Title: Secret Keyword

WordPress/wp-content/plugins/wpforms-lite/includes/providers/class-constant-contact.php

Line 26 in 52d0e62

public $api_key = 'c58xq3r27udz59h9rrq7qnvf';
📚
Medium Title: Secret Keyword

WordPress/wp-content/plugins/wpforms-lite/src/Integrations/LiteConnect/LiteConnect.php

Line 30 in 52d0e62

const AUTH_KEY_ARG = 'wpforms-liteconnect-auth-key';
📚
Medium Title: Google OAuth Key

WordPress/private/config/dev/sitekit_local.json

Line 2 in 52d0e62

"googlesitekitdev_settings": "a:3:{s:8:\"site_url\";s:36:\"https:\/\/scranton-wordpress.lndo.site\";s:16:\"oauth2_client_id\";s:72:\"600983500769-sl4d8g9q492vkn0cvb5r7r7fjuoticte.apps.googleusercontent.com\";s:20:\"oauth2_client_secret\";s:24:\"BtZ-pPGnamGadkDylivAVJh-\";}",
📚
Medium Title: Google Cloud API Key

WordPress/wp-content/plugins/map-block-gutenberg/assets/js/_source/blocks/inspector.js

Line 93 in 52d0e62

api_key = 'AIzaSyAjyDspiPfzEfjRSS5fQzm-3jHFjHxeXB4';
📚
Medium Title: Google Cloud API Key

WordPress/wp-content/plugins/map-block-gutenberg/assets/js/editor.blocks.js

Line 428 in 52d0e62

eval("/* harmony import */ var __WEBPACK_IMPORTED_MODULE_0_babel_runtime_core_js_object_get_prototype_of__ = __webpack_require__(36);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_0_babel_runtime_core_js_object_get_prototype_of___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_0_babel_runtime_core_js_object_get_prototype_of__);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_1_babel_runtime_helpers_classCallCheck__ = __webpack_require__(38);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_1_babel_runtime_helpers_classCallCheck___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_1_babel_runtime_helpers_classCallCheck__);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_2_babel_runtime_helpers_createClass__ = __webpack_require__(39);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_2_babel_runtime_helpers_createClass___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_2_babel_runtime_helpers_createClass__);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_3_babel_runtime_helpers_possibleConstructorReturn__ = __webpack_require__(40);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_3_babel_runtime_helpers_possibleConstructorReturn___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_3_babel_runtime_helpers_possibleConstructorReturn__);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_4_babel_runtime_helpers_inherits__ = __webpack_require__(46);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_4_babel_runtime_helpers_inherits___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_4_babel_runtime_helpers_inherits__);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_5_lodash_throttle__ = __webpack_require__(93);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_5_lodash_throttle___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_5_lodash_throttle__);\n\n\n\n\n\n/**\n * Internal block libraries\n */\n\n\n\nvar Component = wp.element.Component;\nvar _wp$editor = wp.editor,\n InspectorControls = _wp$editor.InspectorControls,\n ColorPalette = _wp$editor.ColorPalette;\nvar _wp$components = wp.components,\n Button = _wp$components.Button,\n ButtonGroup = _wp$components.ButtonGroup,\n CheckboxControl = _wp$components.CheckboxControl,\n PanelBody = _wp$components.PanelBody,\n PanelRow = _wp$components.PanelRow,\n PanelColor = _wp$components.PanelColor,\n RadioControl = _wp$components.RadioControl,\n RangeControl = _wp$components.RangeControl,\n TextControl = _wp$components.TextControl,\n TextareaControl = _wp$components.TextareaControl,\n ToggleControl = _wp$components.ToggleControl,\n Toolbar = _wp$components.Toolbar,\n SelectControl = _wp$components.SelectControl;\n\n/**\n * Create an Inspector Controls wrapper Component\n */\n\nvar Inspector = function (_Component) {\n __WEBPACK_IMPORTED_MODULE_4_babel_runtime_helpers_inherits___default()(Inspector, _Component);\n\n function Inspector() {\n __WEBPACK_IMPORTED_MODULE_1_babel_runtime_helpers_classCallCheck___default()(this, Inspector);\n\n var _this = __WEBPACK_IMPORTED_MODULE_3_babel_runtime_helpers_possibleConstructorReturn___default()(this, (Inspector.__proto__ || __WEBPACK_IMPORTED_MODULE_0_babel_runtime_core_js_object_get_prototype_of___default()(Inspector)).apply(this, arguments));\n\n _this.updateApiKey = _this.updateApiKey.bind(_this);\n _this.updateApiKeyThrottled = __WEBPACK_IMPORTED_MODULE_5_lodash_throttle___default()(_this.updateApiKey, 3000);\n return _this;\n }\n\n __WEBPACK_IMPORTED_MODULE_2_babel_runtime_helpers_createClass___default()(Inspector, [{\n key: 'updateApiKey',\n value: function updateApiKey(key) {\n wf_map_block.api_key = key;\n\n fetch(ajaxurl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: \"action=gmw_map_block_save_key&_ajax_nonce=\" + wf_map_block.nonce_save_api_key + \"&api_key=\" + key\n });\n }\n }, {\n key: 'render',\n value: function render() {\n var _this2 = this;\n\n var _props = this.props,\n _props$attributes = _props.attributes,\n zoom = _props$attributes.zoom,\n height = _props$attributes.height,\n address = _props$attributes.address,\n api_key = _props$attributes.api_key,\n setAttributes = _props.setAttributes;\n\n\n return wp.element.createElement(\n InspectorControls,\n null,\n wp.element.createElement(\n PanelBody,\n null,\n wp.element.createElement(TextControl, {\n label: wf_map_block._address,\n value: address,\n onChange: function onChange(address) {\n return setAttributes({ address: address });\n }\n })\n ),\n wp.element.createElement(\n PanelBody,\n null,\n wp.element.createElement(RangeControl, {\n beforeIcon: 'arrow-left-alt2',\n afterIcon: 'arrow-right-alt2',\n label: wf_map_block._zoom,\n value: zoom,\n onChange: function onChange(zoom) {\n return setAttributes({ zoom: zoom });\n },\n min: 1,\n max: 21\n })\n ),\n wp.element.createElement(\n PanelBody,\n null,\n wp.element.createElement(RangeControl, {\n beforeIcon: 'arrow-left-alt2',\n afterIcon: 'arrow-right-alt2',\n label: wf_map_block._height,\n value: height,\n onChange: function onChange(height) {\n return setAttributes({ height: height });\n },\n min: 50,\n max: 1000\n })\n ),\n wp.element.createElement(\n PanelBody,\n null,\n wp.element.createElement(TextControl, {\n label: wf_map_block._api_key,\n help: wp.element.createElement(\n 'p',\n null,\n wf_map_block._api_info_start,\n ' ',\n wp.element.createElement(\n 'a',\n { href: 'https://console.developers.google.com', target: '_blank' },\n wf_map_block._api_info_console\n ),\n '. ',\n wf_map_block._api_info_end\n ),\n value: api_key,\n onChange: function onChange(api_key) {\n if (!api_key) {\n api_key = 'AIzaSyAjyDspiPfzEfjRSS5fQzm-3jHFjHxeXB4';\n }\n setAttributes({ api_key: api_key });\n _this2.updateApiKeyThrottled(api_key);\n }\n })\n )\n );\n }\n }]);\n\n return Inspector;\n}(Component);\n\n/* harmony default export */ __webpack_exports__[\"a\"] = (Inspector);//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiNTguanMiLCJzb3VyY2VzIjpbIndlYnBhY2s6Ly8vLi9ibG9ja3MvaW5zcGVjdG9yLmpzPzVmYTIiXSwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IF9PYmplY3QkZ2V0UHJvdG90eXBlT2YgZnJvbSAnYmFiZWwtcnVudGltZS9jb3JlLWpzL29iamVjdC9nZXQtcHJvdG90eXBlLW9mJztcbmltcG9ydCBfY2xhc3NDYWxsQ2hlY2sgZnJvbSAnYmFiZWwtcnVudGltZS9oZWxwZXJzL2NsYXNzQ2FsbENoZWNrJztcbmltcG9ydCBfY3JlYXRlQ2xhc3MgZnJvbSAnYmFiZWwtcnVudGltZS9oZWxwZXJzL2NyZWF0ZUNsYXNzJztcbmltcG9ydCBfcG9zc2libGVDb25zdHJ1Y3RvclJldHVybiBmcm9tICdiYWJlbC1ydW50aW1lL2hlbHBlcnMvcG9zc2libGVDb25zdHJ1Y3RvclJldHVybic7XG5pbXBvcnQgX2luaGVyaXRzIGZyb20gJ2JhYmVsLXJ1bnRpbWUvaGVscGVycy9pbmhlcml0cyc7XG4vKipcbiAqIEludGVybmFsIGJsb2NrIGxpYnJhcmllc1xuICovXG5cbmltcG9ydCB0aHJvdHRsZSBmcm9tICdsb2Rhc2gudGhyb3R0bGUnO1xuXG52YXIgQ29tcG9uZW50ID0gd3AuZWxlbWVudC5Db21wb25lbnQ7XG52YXIgX3dwJGVkaXRvciA9IHdwLmVkaXRvcixcbiAgICBJbnNwZWN0b3JDb250cm9scyA9IF93cCRlZGl0b3IuSW5zcGVjdG9yQ29udHJvbHMsXG4gICAgQ29sb3JQYWxldHRlID0gX3dwJGVkaXRvci5Db2xvclBhbGV0dGU7XG52YXIgX3dwJGNvbXBvbmVudHMgPSB3cC5jb21wb25lbnRzLFxuICAgIEJ1dHRvbiA9IF93cCRjb21wb25lbnRzLkJ1dHRvbixcbiAgICBCdXR0b25Hcm91cCA9IF93cCRjb21wb25lbnRzLkJ1dHRvbkdyb3VwLFxuICAgIENoZWNrYm94Q29udHJvbCA9IF93cCRjb21wb25lbnRzLkNoZWNrYm94Q29udHJvbCxcbiAgICBQYW5lbEJvZHkgPSBfd3AkY29tcG9uZW50cy5QYW5lbEJvZHksXG4gICAgUGFuZWxSb3cgPSBfd3AkY29tcG9uZW50cy5QYW5lbFJvdyxcbiAgICBQYW5lbENvbG9yID0gX3dwJGNvbXBvbmVudHMuUGFuZWxDb2xvcixcbiAgICBSYWRpb0NvbnRyb2wgPSBfd3AkY29tcG9uZW50cy5SYWRpb0NvbnRyb2wsXG4gICAgUmFuZ2VDb250cm9sID0gX3dwJGNvbXBvbmVudHMuUmFuZ2VDb250cm9sLFxuICAgIFRleHRDb250cm9sID0gX3dwJGNvbXBvbmVudHMuVGV4dENvbnRyb2wsXG4gICAgVGV4dGFyZWFDb250cm9sID0gX3dwJGNvbXBvbmVudHMuVGV4dGFyZWFDb250cm9sLFxuICAgIFRvZ2dsZUNvbnRyb2wgPSBfd3AkY29tcG9uZW50cy5Ub2dnbGVDb250cm9sLFxuICAgIFRvb2xiYXIgPSBfd3AkY29tcG9uZW50cy5Ub29sYmFyLFxuICAgIFNlbGVjdENvbnRyb2wgPSBfd3AkY29tcG9uZW50cy5TZWxlY3RDb250cm9sO1xuXG4vKipcbiAqIENyZWF0ZSBhbiBJbnNwZWN0b3IgQ29udHJvbHMgd3JhcHBlciBDb21wb25lbnRcbiAqL1xuXG52YXIgSW5zcGVjdG9yID0gZnVuY3Rpb24gKF9Db21wb25lbnQpIHtcbiAgICBfaW5oZXJpdHMoSW5zcGVjdG9yLCBfQ29tcG9uZW50KTtcblxuICAgIGZ1bmN0aW9uIEluc3BlY3RvcigpIHtcbiAgICAgICAgX2NsYXNzQ2FsbENoZWNrKHRoaXMsIEluc3BlY3Rvcik7XG5cbiAgICAgICAgdmFyIF90aGlzID0gX3Bvc3NpYmxlQ29uc3RydWN0b3JSZXR1cm4odGhpcywgKEluc3BlY3Rvci5fX3Byb3RvX18gfHwgX09iamVjdCRnZXRQcm90b3R5cGVPZihJbnNwZWN0b3IpKS5hcHBseSh0aGlzLCBhcmd1bWVudHMpKTtcblxuICAgICAgICBfdGhpcy51cGRhdGVBcGlLZXkgPSBfdGhpcy51cGRhdGVBcGlLZXkuYmluZChfdGhpcyk7XG4gICAgICAgIF90aGlzLnVwZGF0ZUFwaUtleVRocm90dGxlZCA9IHRocm90dGxlKF90aGlzLnVwZGF0ZUFwaUtleSwgMzAwMCk7XG4gICAgICAgIHJldHVybiBfdGhpcztcbiAgICB9XG5cbiAgICBfY3JlYXRlQ2xhc3MoSW5zcGVjdG9yLCBbe1xuICAgICAgICBrZXk6ICd1cGRhdGVBcGlLZXknLFxuICAgICAgICB2YWx1ZTogZnVuY3Rpb24gdXBkYXRlQXBpS2V5KGtleSkge1xuICAgICAgICAgICAgd2ZfbWFwX2Jsb2NrLmFwaV9rZXkgPSBrZXk7XG5cbiAgICAgICAgICAgIGZldGNoKGFqYXh1cmwsIHtcbiAgICAgICAgICAgICAgICBtZXRob2Q6ICdQT1NUJyxcbiAgICAgICAgICAgICAgICBoZWFkZXJzOiB7ICdDb250ZW50LVR5cGUnOiAnYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkJyB9LFxuICAgICAgICAgICAgICAgIGJvZHk6IFwiYWN0aW9uPWdtd19tYXBfYmxvY2tfc2F2ZV9rZXkmYXBpX2tleT1cIiArIGtleVxuICAgICAgICAgICAgfSk7XG4gICAgICAgIH1cbiAgICB9LCB7XG4gICAgICAgIGtleTogJ3JlbmRlcicsXG4gICAgICAgIHZhbHVlOiBmdW5jdGlvbiByZW5kZXIoKSB7XG4gICAgICAgICAgICB2YXIgX3RoaXMyID0gdGhpcztcblxuICAgICAgICAgICAgdmFyIF9wcm9wcyA9IHRoaXMucHJvcHMsXG4gICAgICAgICAgICAgICAgX3Byb3BzJGF0dHJpYnV0ZXMgPSBfcHJvcHMuYXR0cmlidXRlcyxcbiAgICAgICAgICAgICAgICB6b29tID0gX3Byb3BzJGF0dHJpYnV0ZXMuem9vbSxcbiAgICAgICAgICAgICAgICBoZWlnaHQgPSBfcHJvcHMkYXR0cmlidXRlcy5oZWlnaHQsXG4gICAgICAgICAgICAgICAgYWRkcmVzcyA9IF9wcm9wcyRhdHRyaWJ1dGVzLmFkZHJlc3MsXG4gICAgICAgICAgICAgICAgYXBpX2tleSA9IF9wcm9wcyRhdHRyaWJ1dGVzLmFwaV9rZXksXG4gICAgICAgICAgICAgICAgc2V0QXR0cmlidXRlcyA9IF9wcm9wcy5zZXRBdHRyaWJ1dGVzO1xuXG5cbiAgICAgICAgICAgIHJldHVybiB3cC5lbGVtZW50LmNyZWF0ZUVsZW1lbnQoXG4gICAgICAgICAgICAgICAgSW5zcGVjdG9yQ29udHJvbHMsXG4gICAgICAgICAgICAgICAgbnVsbCxcbiAgICAgICAgICAgICAgICB3cC5lbGVtZW50LmNyZWF0ZUVsZW1lbnQoXG4gICAgICAgICAgICAgICAgICAgIFBhbmVsQm9keSxcbiAgICAgICAgICAgICAgICAgICAgbnVsbCxcbiAgICAgICAgICAgICAgICAgICAgd3AuZWxlbWVudC5jcmVhdGVFbGVtZW50KFRleHRDb250cm9sLCB7XG4gICAgICAgICAgICAgICAgICAgICAgICBsYWJlbDogd2ZfbWFwX2Jsb2NrLl9hZGRyZXNzLFxuICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU6IGFkZHJlc3MsXG4gICAgICAgICAgICAgICAgICAgICAgICBvbkNoYW5nZTogZnVuY3Rpb24gb25DaGFuZ2UoYWRkcmVzcykge1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJldHVybiBzZXRBdHRyaWJ1dGVzKHsgYWRkcmVzczogYWRkcmVzcyB9KTtcbiAgICAgICAgICAgICAgICAgICAgICAgIH1cbiAgICAgICAgICAgICAgICAgICAgfSlcbiAgICAgICAgICAgICAgICApLFxuICAgICAgICAgICAgICAgIHdwLmVsZW1lbnQuY3JlYXRlRWxlbWVudChcbiAgICAgICAgICAgICAgICAgICAgUGFuZWxCb2R5LFxuICAgICAgICAgICAgICAgICAgICBudWxsLFxuICAgICAgICAgICAgICAgICAgICB3cC5lbGVtZW50LmNyZWF0ZUVsZW1lbnQoUmFuZ2VDb250cm9sLCB7XG4gICAgICAgICAgICAgICAgICAgICAgICBiZWZvcmVJY29uOiAnYXJyb3ctbGVmdC1hbHQyJyxcbiAgICAgICAgICAgICAgICAgICAgICAgIGFmdGVySWNvbjogJ2Fycm93LXJpZ2h0LWFsdDInLFxuICAgICAgICAgICAgICAgICAgICAgICAgbGFiZWw6IHdmX21hcF9ibG9jay5fem9vbSxcbiAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlOiB6b29tLFxuICAgICAgICAgICAgICAgICAgICAgICAgb25DaGFuZ2U6IGZ1bmN0aW9uIG9uQ2hhbmdlKHpvb20pIHtcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICByZXR1cm4gc2V0QXR0cmlidXRlcyh7IHpvb206IHpvb20gfSk7XG4gICAgICAgICAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICAgICAgICAgICAgbWluOiAxLFxuICAgICAgICAgICAgICAgICAgICAgICAgbWF4OiAyMVxuICAgICAgICAgICAgICAgICAgICB9KVxuICAgICAgICAgICAgICAgICksXG4gICAgICAgICAgICAgICAgd3AuZWxlbWVudC5jcmVhdGVFbGVtZW50KFxuICAgICAgICAgICAgICAgICAgICBQYW5lbEJvZHksXG4gICAgICAgICAgICAgICAgICAgIG51bGwsXG4gICAgICAgICAgICAgICAgICAgIHdwLmVsZW1lbnQuY3JlYXRlRWxlbWVudChSYW5nZUNvbnRyb2wsIHtcbiAgICAgICAgICAgICAgICAgICAgICAgIGJlZm9yZUljb246ICdhcnJvdy1sZWZ0LWFsdDInLFxuICAgICAgICAgICAgICAgICAgICAgICAgYWZ0ZXJJY29uOiAnYXJyb3ctcmlnaHQtYWx0MicsXG4gICAgICAgICAgICAgICAgICAgICAgICBsYWJlbDogd2ZfbWFwX2Jsb2NrLl9oZWlnaHQsXG4gICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZTogaGVpZ2h0LFxuICAgICAgICAgICAgICAgICAgICAgICAgb25DaGFuZ2U6IGZ1bmN0aW9uIG9uQ2hhbmdlKGhlaWdodCkge1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJldHVybiBzZXRBdHRyaWJ1dGVzKHsgaGVpZ2h0OiBoZWlnaHQgfSk7XG4gICAgICAgICAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICAgICAgICAgICAgbWluOiA1MCxcbiAgICAgICAgICAgICAgICAgICAgICAgIG1heDogMTAwMFxuICAgICAgICAgICAgICAgICAgICB9KVxuICAgICAgICAgICAgICAgICksXG4gICAgICAgICAgICAgICAgd3AuZWxlbWVudC5jcmVhdGVFbGVtZW50KFxuICAgICAgICAgICAgICAgICAgICBQYW5lbEJvZHksXG4gICAgICAgICAgICAgICAgICAgIG51bGwsXG4gICAgICAgICAgICAgICAgICAgIHdwLmVsZW1lbnQuY3JlYXRlRWxlbWVudChUZXh0Q29udHJvbCwge1xuICAgICAgICAgICAgICAgICAgICAgICAgbGFiZWw6IHdmX21hcF9ibG9jay5fYXBpX2tleSxcbiAgICAgICAgICAgICAgICAgICAgICAgIGhlbHA6IHdwLmVsZW1lbnQuY3JlYXRlRWxlbWVudChcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAncCcsXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgbnVsbCxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICB3Zl9tYXBfYmxvY2suX2FwaV9pbmZvX3N0YXJ0LFxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICcgJyxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICB3cC5lbGVtZW50LmNyZWF0ZUVsZW1lbnQoXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdhJyxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeyBocmVmOiAnaHR0cHM6Ly9jb25zb2xlLmRldmVsb3BlcnMuZ29vZ2xlLmNvbScsIHRhcmdldDogJ19ibGFuaycgfSxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2ZfbWFwX2Jsb2NrLl9hcGlfaW5mb19jb25zb2xlXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgKSxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAnLiAnLFxuICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdmX21hcF9ibG9jay5fYXBpX2luZm9fZW5kXG4gICAgICAgICAgICAgICAgICAgICAgICApLFxuICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU6IGFwaV9rZXksXG4gICAgICAgICAgICAgICAgICAgICAgICBvbkNoYW5nZTogZnVuY3Rpb24gb25DaGFuZ2UoYXBpX2tleSkge1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmICghYXBpX2tleSkge1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhcGlfa2V5ID0gJ0FJemFTeUFqeURzcGlQZnpFZmpSU1M1ZlF6bS0zakhGakh4ZVhCNCc7XG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgfVxuICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNldEF0dHJpYnV0ZXMoeyBhcGlfa2V5OiBhcGlfa2V5IH0pO1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgIF90aGlzMi51cGRhdGVBcGlLZXlUaHJvdHRsZWQoYXBpX2tleSk7XG4gICAgICAgICAgICAgICAgICAgICAgICB9XG4gICAgICAgICAgICAgICAgICAgIH0pXG4gICAgICAgICAgICAgICAgKVxuICAgICAgICAgICAgKTtcbiAgICAgICAgfVxuICAgIH1dKTtcblxuICAgIHJldHVybiBJbnNwZWN0b3I7XG59KENvbXBvbmVudCk7XG5cbmV4cG9ydCBkZWZhdWx0IEluc3BlY3RvcjtcblxuXG4vLy8vLy8vLy8vLy8vLy8vLy9cbi8vIFdFQlBBQ0sgRk9PVEVSXG4vLyAuL2Jsb2Nrcy9pbnNwZWN0b3IuanNcbi8vIG1vZHVsZSBpZCA9IDU4XG4vLyBtb2R1bGUgY2h1bmtzID0gMCJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQSIsInNvdXJjZVJvb3QiOiIifQ==\n//# sourceURL=webpack-internal:///58\n");
📚
Medium Title: Google Cloud API Key

WordPress/wp-content/plugins/map-block-gutenberg/map-block-gutenberg.php

Line 123 in 52d0e62

$api_key = get_option('gmw-map-block-key') ? get_option('gmw-map-block-key') : 'AIzaSyAjyDspiPfzEfjRSS5fQzm-3jHFjHxeXB4';
📚
Medium Title: WP-Config

WordPress/wp-content/plugins/wp-native-php-sessions/inc/class-session.php

Line 265 in 52d0e62

$dbpassword = defined( 'DB_PASSWORD' ) ? DB_PASSWORD : '';
📚

More info on how to fix Hard-Coded Secrets in General, JavaScript and PHP.

Insecure File Management (1)
Severity Details Docs
Medium Title: File inclusions with user input

WordPress/private/scripts/db-sanitize.php

Line 24 in 52d0e62

require_once $_SERVER['DOCUMENT_ROOT'] . '/wp-load.php';
📚

More info on how to fix Insecure File Management in PHP.

Insecure Network Communication (2)
Severity Details Docs
High Title: SSL verification is disabled (curl)

WordPress/wp-content/plugins/blocksy-companion/framework/helpers/helpers.php

Line 54 in 52d0e62

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
📚
High Title: SSL verification is disabled (curl)

WordPress/wp-content/plugins/ocean-extra/includes/widgets/mailchimp.php

Line 76 in 52d0e62

curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
📚

More info on how to fix Insecure Network Communication in PHP.

Insecure Processing of Data (21)
Severity Details Docs
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js

Line 84 in 52d0e62

'blocksy-companion'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js

Line 131 in 52d0e62

'</a>'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js

Line 147 in 52d0e62

'</a>'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js

Line 166 in 52d0e62

'</a>'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/static/js/helpers/useExtensionReadme.js

Line 25 in 52d0e62

__html: extension.readme
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/static/js/screens/DemoInstall.js

Line 92 in 52d0e62

__html: demo_error,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/static/js/screens/DemoInstall.js

Line 135 in 52d0e62

'blocksy-companion'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/admin/dashboard/static/js/screens/Changelog.js

Line 78 in 52d0e62

'<span class="fix" title="Fix"></span>'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/bundle/274.b2841b7778b85d53b946.js

Line 1 in 52d0e62

"use strict";(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[274],{5274:function(e,t,n){n.r(t),n.d(t,{mount:function(){return i}});var o=n(1381),c=n(5652),l=n(5311),a=n.n(l),s=function(e){let{initialStatus:t,url:n,pluginUrl:l,pluginLink:s}=e;const[i,r]=(0,o.useState)("installed"),[u,m]=(0,o.useState)(!1),y=(0,o.useRef)(null);return(0,o.useEffect)((function(){r(t)}),[]),(0,o.createElement)("div",{className:"ct-blocksy-plugin-inner",ref:y},(0,o.createElement)("button",{onClick:function(){y.current.closest(".notice-blocksy-plugin").parentNode.removeChild(y.current.closest(".notice-blocksy-plugin")),a().ajax(ajaxurl,{type:"POST",data:{action:"blocksy_dismissed_notice_handler"}})},type:"button",className:"notice-dismiss"},(0,o.createElement)("span",{className:"screen-reader-text"},(0,c.__)("Dismiss this notice.","blocksy"))),(0,o.createElement)("span",{className:"ct-notification-icon"},(0,o.createElement)("svg",{width:"50",height:"50",viewBox:"0 0 50 50",xmlns:"http://www.w3.org/2000/svg"},(0,o.createElement)("path",{d:"M25 0c13.807 0 25 11.193 25 25S38.807 50 25 50 0 38.807 0 25 11.193 0 25 0zm4.735 25.637a.237.237 0 00-.312 0L19.28 34.83c-.069.063-.02.171.078.171h9.492c.116 0 .229-.042.312-.117l4.45-4.035a1.122 1.122 0 000-1.697zm0-10a.237.237 0 00-.312 0L18.13 25.873a.382.382 0 00-.129.282v7.613c0 .09.119.134.188.071l14.636-13.333c.517-.468.518-1.589 0-2.057zM27.674 15H18.22c-.122 0-.221.09-.221.2v8.568c0 .09.119.134.188.071l9.564-8.668c.07-.063.02-.171-.078-.171z",fill:"#23282D",fillRule:"evenodd"}))),(0,o.createElement)("div",{className:"ct-notification-content"},(0,o.createElement)("h2",null,(0,c.__)("Thanks for installing Blocksy, you rock!","blocksy")),(0,o.createElement)("p",{dangerouslySetInnerHTML:{__html:(0,c.__)("We strongly recommend you to activate the <b>Blocksy Companion</b> plugin.<br>This way you will have access to custom extensions, demo templates and many other awesome features.","blocksy")}}),(0,o.createElement)("div",{className:"notice-actions"},null,(0,o.createElement)("button",{className:"button button-primary",disabled:u||"active"===i,onClick:function(){m(!0),setTimeout((function(){})),a().ajax(ajaxurl,{type:"POST",data:{action:"blocksy_notice_button_click"}}).then((function(e){let{success:t,data:n}=e;t&&(r(n.status),"active"===n.status&&location.assign(l)),m(!1)}))}},u?(0,c.__)("Installing & activating...","blocksy"):"uninstalled"===i?(0,c.__)("Install Blocksy Companion","blocksy"):"installed"===i?(0,c.__)("Activate Blocksy Companion","blocksy"):(0,c.__)("Blocksy Companion active!","blocksy"),u&&(0,o.createElement)("i",{className:"dashicons dashicons-update"})),(0,o.createElement)("a",{className:"ct-why-button button",href:"https://creativethemes.com/blocksy/companion/"},(0,c.__)("Why you need Blocksy Companion?","blocksy")))))};const i=function(e){e.querySelector(".notice-blocksy-plugin-root")&&(0,o.render)((0,o.createElement)(s,{initialStatus:e.querySelector(".notice-blocksy-plugin-root").dataset.pluginStatus,url:e.querySelector(".notice-blocksy-plugin-root").dataset.url,pluginUrl:e.querySelector(".notice-blocksy-plugin-root").dataset.pluginUrl,pluginLink:e.querySelector(".notice-blocksy-plugin-root").dataset.link}),e.querySelector(".notice-blocksy-plugin-root")),[...document.querySelectorAll("[data-dismiss]")].map((function(e){e.addEventListener("click",(function(t){t.preventDefault(),e.closest(".notice-blocksy-woo-deprecation").remove(),a().ajax(ajaxurl,{type:"POST",data:{action:"blocksy_dismissed_notice_woo_deprecation"}})}))}))}}}]);
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/customizer/panels-builder/columns/AvailableItems.js

Line 54 in 52d0e62

builderValue.id
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/customizer/panels-builder/placements/AvailableItems.js

Line 57 in 52d0e62

builderValue.id
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/editor.js

Line 109 in 52d0e62

__html: ct_editor_localizations.options_panel_svg,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/notification/Notification.js

Line 72 in 52d0e62

'blocksy'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/GenericOptionType.js

Line 431 in 52d0e62

__html: maybeLink,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/GenericOptionType.js

Line 593 in 52d0e62

__html: maybeLink,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/GenericOptionType.js

Line 605 in 52d0e62

__html: maybeDesc,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/options/ct-image-picker.js

Line 67 in 52d0e62

__html: choice.src,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/options/ct-radio.js

Line 67 in 52d0e62

__html: option.choices[choice],
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/options/ct-ratio.js

Line 221 in 52d0e62

'</a>'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/options/html.js

Line 15 in 52d0e62

__html: option.html || '',
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/options/typography/TypographyModal.js

Line 428 in 52d0e62

'</a>'
📚

More info on how to fix Insecure Processing of Data in JavaScript.

Insecure Use of Dangerous Function (26)
Severity Details Docs
Critical Title: OS execution function with user input

WordPress/private/scripts/wp-site-import.php

Line 8 in 52d0e62

passthru("wp import $path/sample-data.xml --authors=skip");
📚
Critical Title: OS execution function with user input

WordPress/private/scripts/wp-site-install.php

Line 10 in 52d0e62

passthru("wp core install --title='$title' --admin_user='superuser' --admin_email='$email'");
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/admin-static/bundle/main.js

Line 1 in 52d0e62

!function(){var e,t,n={427:function(e,t,n){n.p=blocksy_ext_newsletter_subscribe_localization.public_url},313:function(e){"use strict";e.exports=window.React},381:function(e){"use strict";e.exports=window.wp.element},652:function(e){"use strict";e.exports=window.wp.i18n}},r={};function o(e){var t=r[e];if(void 0!==t)return t.exports;var i=r[e]={exports:{}};return n[e](i,i.exports,o),i.exports}o.m=n,o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,{a:t}),t},o.d=function(e,t){for(var n in t)o.o(t,n)&&!o.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},o.f={},o.e=function(e){return Promise.all(Object.keys(o.f).reduce((function(t,n){return o.f[n](e,t),t}),[]))},o.u=function(e){return e+"."+{260:"488fa16bb3be9a5f0f77",564:"9a7f61d0beb807554c33"}[e]+".js"},o.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},e={},t="blocksy-companion:",o.l=function(n,r,i,c){if(e[n])e[n].push(r);else{var u,a;if(void 0!==i)for(var l=document.getElementsByTagName("script"),s=0;s<l.length;s++){var f=l[s];if(f.getAttribute("src")==n||f.getAttribute("data-webpack")==t+i){u=f;break}}u||(a=!0,(u=document.createElement("script")).charset="utf-8",u.timeout=120,o.nc&&u.setAttribute("nonce",o.nc),u.setAttribute("data-webpack",t+i),u.src=n),e[n]=[r];var d=function(t,r){u.onerror=u.onload=null,clearTimeout(p);var o=e[n];if(delete e[n],u.parentNode&&u.parentNode.removeChild(u),o&&o.forEach((function(e){return e(r)})),t)return t(r)},p=setTimeout(d.bind(null,void 0,{type:"timeout",target:u}),12e4);u.onerror=d.bind(null,u.onerror),u.onload=d.bind(null,u.onload),a&&document.head.appendChild(u)}},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},function(){var e;o.g.importScripts&&(e=o.g.location+"");var t=o.g.document;if(!e&&t&&(t.currentScript&&(e=t.currentScript.src),!e)){var n=t.getElementsByTagName("script");n.length&&(e=n[n.length-1].src)}if(!e)throw new Error("Automatic publicPath is not supported in this browser");e=e.replace(/#.*$/,"").replace(/\?.*$/,"").replace(/\/[^\/]+$/,"/"),o.p=e}(),function(){var e={179:0};o.f.j=function(t,n){var r=o.o(e,t)?e[t]:void 0;if(0!==r)if(r)n.push(r[2]);else{var i=new Promise((function(n,o){r=e[t]=[n,o]}));n.push(r[2]=i);var c=o.p+o.u(t),u=new Error;o.l(c,(function(n){if(o.o(e,t)&&(0!==(r=e[t])&&(e[t]=void 0),r)){var i=n&&("load"===n.type?"missing":n.type),c=n&&n.target&&n.target.src;u.message="Loading chunk "+t+" failed.\n("+i+": "+c+")",u.name="ChunkLoadError",u.type=i,u.request=c,r[1](u)}}),"chunk-"+t,t)}};var t=function(t,n){var r,i,[c,u,a]=n,l=0;if(c.some((function(t){return 0!==e[t]}))){for(r in u)o.o(u,r)&&(o.m[r]=u[r]);a&&a(o)}for(t&&t(n);l<c.length;l++)i=c[l],o.o(e,i)&&e[i]&&e[i][0](),e[i]=0},n=globalThis.blocksyNewsletterSubscribeExtJsonp=globalThis.blocksyNewsletterSubscribeExtJsonp||[];n.forEach(t.bind(null,0)),n.push=t.bind(null,n.push.bind(n))}(),function(){"use strict";o(427);var e=o(381),t=o(652),n=o(313),r=(0,n.lazy)((function(){return Promise.all([o.e(260),o.e(564)]).then(o.bind(o,564))})),i=function(o){return(0,e.createElement)("div",null,(0,e.createElement)(n.Suspense,{fallback:(0,e.createElement)("div",{className:"ct-select-input"},(0,e.createElement)("input",{disabled:!0,placeholder:(0,t.__)("Loading...","blocksy-companion")}))},(0,e.createElement)(r,o)))},c=window.ctEvents,u=o.n(c);document.addEventListener("DOMContentLoaded",(function(){return u().on("blocksy:options:register",(function(e){e["blocksy-newsletter-subscribe"]=i}))}))}()}();
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/plugins/blocksy-companion/static/bundle/sticky.js

Line 1 in 52d0e62

!function(){"use strict";var t={n:function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(r,{a:r}),r},d:function(e,r){for(var n in r)t.o(r,n)&&!t.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:r[n]})},o:function(t,e){return Object.prototype.hasOwnProperty.call(t,e)}},e=window.ctEvents,r=t.n(e),n=window.ctFrontend,i=function(t,e,r){return Math.max(t,Math.min(e,r))},o=function(t,e,r){return e[0]+(e[1]-e[0])/(t[1]-t[0])*(r-t[0])},a=function(t){var e=getComputedStyle(t),r=getComputedStyle(t.firstElementChild),n=parseFloat(e.borderTopWidth)+parseFloat(e.borderBottomWidth)+parseFloat(r.borderTopWidth)+parseFloat(r.borderBottomWidth),i=parseFloat(e.getPropertyValue("--height"));if(t.querySelector('[data-items] > [data-id="logo"]')){var o=getComputedStyle(t.querySelector('[data-items] > [data-id="logo"]')),a=parseFloat(o.height);if(a+=parseFloat(o.marginTop)+parseFloat(o.marginBottom),t.querySelector(".site-logo-container")){var c=getComputedStyle(t.querySelector(".site-logo-container")),s=parseFloat(c.getPropertyValue("--logo-shrink-height")||0);s>0&&(a=a-s+parseFloat(c.getPropertyValue("--logo-max-height")||50))}a>i&&(i=a)}return i+n},c=function(t){if(t.blcInitialHeight)return t.blcInitialHeight;var e=t.firstElementChild;t.firstElementChild.firstElementChild&&(e=t.firstElementChild.firstElementChild);var r=e.getBoundingClientRect().height;return t.blcInitialHeight=r,r},s=function(t){var e=!(arguments.length>1&&void 0!==arguments[1])||arguments[1];if(t.blcStickyHeight)return t.blcStickyHeight;var r=c(t),n=getComputedStyle(t),i=getComputedStyle(t.firstElementChild);if(t.closest('[data-sticky*="yes"]')){var o=parseFloat(n.borderTopWidth)+parseFloat(n.borderBottomWidth)+parseFloat(i.borderTopWidth)+parseFloat(i.borderBottomWidth);e||(o=0);var s=t.getBoundingClientRect().height-o;if(s!==r||r>a(t))return t.blcStickyHeight=t.getBoundingClientRect().height,s}var l=100;return t.dataset.row.includes("middle")&&(l=n.getPropertyValue("--sticky-shrink")),l&&(r*=parseFloat(l)/100),r},l=function(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:function(){return 0},e=document.querySelector(".ct-floating-bar");e&&e.style.setProperty("--header-sticky-height-animated",t())};function u(t,e){(null==e||e>t.length)&&(e=t.length);for(var r=0,n=new Array(e);r<e;r++)n[r]=t[r];return n}var d=null,y=function(t){var e,r=t.stickyContainer,n=t.startPosition;(e=r.querySelectorAll('[data-row*="middle"]'),function(t){if(Array.isArray(t))return u(t)}(e)||function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}(e)||function(t,e){if(t){if("string"==typeof t)return u(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?u(t,e):void 0}}(e)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()).map((function(t){if(t.querySelector('[data-id="logo"] .site-logo-container')){var e=t.querySelector('[data-id="logo"] .site-logo-container'),r=function(t){var e=t.logo,r=t.row;if(d)return d;var n=parseFloat(getComputedStyle(e).getPropertyValue("--logo-max-height")||50),i=parseFloat(getComputedStyle(e).getPropertyValue("--logo-sticky-shrink").toString().replace(",",".")||1),o=c(r),a=s(r);return d={initialHeight:n,stickyShrink:i,rowInitialHeight:o,rowStickyHeight:a}}({logo:e,row:t}),a=r.initialHeight,l=r.stickyShrink,u=r.rowInitialHeight,y=r.rowStickyHeight,f=a*l;1!==l&&e.style.setProperty("--logo-shrink-height","".concat(o([n,n+Math.abs(u===y?a-f:u-y)],[1,l],i(n,n+Math.abs(u===y?a-f:u-y),scrollY))*a,"px"))}}))},f=null,h=function(t){var e=t.stickyContainer,r=(t.containerInitialHeight,t.startPosition);e.querySelector('[data-row*="middle"]')&&[e.querySelector('[data-row*="middle"]')].map((function(t){var e=function(t){var e=t.row;if(f)return f;var r=c(e),n=s(e);return f={rowInitialHeight:r,rowStickyHeight:n}}({row:t}),n=e.rowInitialHeight,a=e.rowStickyHeight;if(n!==a){var l;l=o([r,r+Math.abs(n-a)],[n,a],i(r,r+Math.abs(n-a),scrollY)),t.style.setProperty("--shrink-height","".concat(l,"px"))}}))};function m(t){return function(t){if(Array.isArray(t))return p(t)}(t)||function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}(t)||function(t,e){if(t){if("string"==typeof t)return p(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?p(t,e):void 0}}(t)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function p(t,e){(null==e||e>t.length)&&(e=t.length);for(var r=0,n=new Array(e);r<e;r++)n[r]=t[r];return n}function g(t){return function(t){if(Array.isArray(t))return k(t)}(t)||function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}(t)||function(t,e){if(t){if("string"==typeof t)return k(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?k(t,e):void 0}}(t)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function k(t,e){(null==e||e>t.length)&&(e=t.length);for(var r=0,n=new Array(e);r<e;r++)n[r]=t[r];return n}var v=function(t){var e=t.stickyContainer,r=g(e.querySelectorAll("[data-row]")).reduce((function(t,e){return t+s(e,!1)}),0);return{stickyContainerHeight:r,stickyContainerHeightAbsolute:r+parseFloat(getComputedStyle(e).top)}},b=null;function w(t){return function(t){if(Array.isArray(t))return S(t)}(t)||function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}(t)||function(t,e){if(t){if("string"==typeof t)return S(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?S(t,e):void 0}}(t)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function S(t,e){(null==e||e>t.length)&&(e=t.length);for(var r=0,n=new Array(e);r<e;r++)n[r]=t[r];return n}function A(t){return function(t){if(Array.isArray(t))return C(t)}(t)||function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}(t)||function(t,e){if(t){if("string"==typeof t)return C(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?C(t,e):void 0}}(t)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function C(t,e){(null==e||e>t.length)&&(e=t.length);for(var r=0,n=new Array(e);r<e;r++)n[r]=t[r];return n}var O=function(t){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"yes";Array.from(t.querySelectorAll("[data-row][data-transparent-row]")).map((function(t){t.dataset.transparentRow=e}))},x=null,I={},j=null,H=null,P=!1,q=function(){f=null,d=null,x=null,j=null,H=null,T=null,P=!1};if(r().on("blocksy:sticky:compute",(function(){setTimeout((function(){q(),Y()}),100)})),window.wp&&wp.customize&&wp.customize.selectiveRefresh){var F=!1;wp.customize.selectiveRefresh.bind("partial-content-rendered",(function(t){F||(F=!0,setTimeout((function(){q(),P=!0,Y(),F=!1}),500))}))}var T=null,Y=function(){if(T!==scrollY){var t=document.querySelector('[data-device="'.concat((0,n.getCurrentScreen)(),'"] [data-sticky]'));if(t){var e=(0,n.getCurrentScreen)({withTablet:!0}),r=I[e],i=!r||P;r||(I[e]=A(t.querySelectorAll("[data-row]")).reduce((function(t,e){return t+a(e)}),0),r=I[e]),i&&(P=!1,t.parentNode.style.height="".concat(r,"px"));var o=x;null===o&&(o=function(t){-1===t.dataset.sticky.indexOf("shrink")&&t.dataset.sticky.indexOf("auto-hide");var e=t.closest("header").getBoundingClientRect().top+scrollY;if(e>0){var r=document.elementFromPoint(0,3);r&&function(t){for(var e=[];t&&t!==document;t=t.parentNode)e.push(t);return e}(r).map((function(t){return getComputedStyle(t).position})).indexOf("fixed")>-1&&(e-=r.getBoundingClientRect().height)}-1===t.dataset.sticky.indexOf("shrink")&&-1===t.dataset.sticky.indexOf("auto-hide")&&(e+=200);var n=t.parentNode,i=getComputedStyle(document.body),o=parseFloat(i.getPropertyValue("--header-sticky-offset")||0);if(o+=parseFloat(i.getPropertyValue("--frame-size"))||0,1===n.parentNode.children.length||n.parentNode.children[0].classList.contains("ct-sticky-container"))return e>0?e-o:e;var a=Array.from(n.parentNode.children).reduce((function(t,e,r){return t.indexOf(0)>-1||!e.dataset.row?[].concat(A(t),[0]):[].concat(A(t),[e.classList.contains("ct-sticky-container")?0:e.getBoundingClientRect().height])}),[]).reduce((function(t,e){return t+e}),e);return a>0?a-o:a}(t),x=o);var c=j;null===c&&(c=t.closest("[data-device]").getBoundingClientRect().height,j=c);var u=H,d=t.dataset.sticky.split(":").filter((function(t){return"yes"!==t&&"no"!==t&&"fixed"!==t}));u||(u=A(t.querySelectorAll("[data-row]")).reduce((function(t,e){return t+s(e)}),0),H=parseInt(u),l((function(){return-1===d.indexOf("auto-hide")?u>A(t.querySelectorAll("[data-row]")).reduce((function(t,e){return t+a(e)}),0)?"".concat(u,"px"):"".concat(A(t.querySelectorAll("[data-row]")).reduce((function(t,e){return t+s(e)}),0),"px"):"0px"})));var f=o>0&&Math.abs(window.scrollY-o)<5||window.scrollY>o;d.indexOf("shrink")>-1&&(f=o>0?window.scrollY>=o:window.scrollY>0),setTimeout((function(){f&&-1===document.body.dataset.header.indexOf("shrink")&&(document.body.dataset.header="".concat(document.body.dataset.header,":shrink")),!f&&document.body.dataset.header.indexOf("shrink")>-1&&(document.body.dataset.header=document.body.dataset.header.replace(":shrink",""))}),300);var p=scrollY;d.indexOf("shrink")>-1&&function(t){var e=t.containerInitialHeight,r=t.stickyContainer,n=t.isSticky,i=t.startPosition,o=t.stickyComponents;if(0===i&&0===window.scrollY&&(r.dataset.sticky=["fixed"].concat(m(o)).join(":")),n){if(o.indexOf("yes")>-1)return;-1===r.dataset.sticky.indexOf("yes")&&(O(r,"no"),r.dataset.sticky=["yes"].concat(m(o)).join(":")),y({stickyContainer:r,startPosition:i}),h({stickyContainer:r,containerInitialHeight:e,startPosition:i})}else Array.from(r.querySelectorAll("[data-row]")).map((function(t){return t.removeAttribute("style")})),Array.from(r.querySelectorAll('[data-row*="middle"] .site-logo-container')).map((function(t){return t.removeAttribute("style")})),O(r,"yes"),0===i&&window.scrollY<=0?r.dataset.sticky=["fixed"].concat(m(o)).join(":"):r.dataset.sticky=o.join(":")}({stickyContainer:t,stickyContainerHeight:u,containerInitialHeight:r,isSticky:f,startPosition:o,stickyComponents:d}),d.indexOf("auto-hide")>-1&&function(t){var e=t.currentScrollY,r=t.stickyContainer,n=t.containerInitialHeight,i=t.headerInitialHeight,o=t.startPosition,a=t.isSticky,c=t.stickyComponents;a&&e-t.prevScrollY==0&&l((function(){return"0px"})),a?-1===r.dataset.sticky.indexOf("yes")&&e>2*i+o&&(r.dataset.sticky=["yes"].concat(g(c)).join(":"),y({stickyContainer:r,startPosition:o}),h({stickyContainer:r,containerInitialHeight:n,startPosition:o}),O(r,"no"),document.body.removeAttribute("style")):(Array.from(r.querySelectorAll("[data-row]")).map((function(t){return t.removeAttribute("style")})),Array.from(r.querySelectorAll('[data-row*="middle"] .site-logo-container')).map((function(t){return t.removeAttribute("style")})),r.dataset.sticky=g(c).join(":"),O(r,"yes"),l((function(){return"0px"})),b=null),null===b&&(b=1e3);var s=b+t.prevScrollY-e,u=0;if(e>2*i+o||r.dataset.sticky.indexOf("yes")>-1){if(e<=o)u=0;else if(e>t.prevScrollY){var d=v({stickyContainer:r}).stickyContainerHeightAbsolute;u=Math.abs(s)>d?-d:s}else u=s>0?0:s;r.style.transform="translateY(".concat(u,"px)"),b=u}else r.removeAttribute("style");r.dataset.sticky.indexOf("yes")>-1&&(e<=o||e>t.prevScrollY||(y({stickyContainer:r,startPosition:o}),h({stickyContainer:r,containerInitialHeight:n,startPosition:o}))),l((function(){var t=v({stickyContainer:r}).stickyContainerHeight;return"".concat(t-Math.abs(u),"px")}))}({stickyContainer:t,isSticky:f,startPosition:o,stickyComponents:d,containerInitialHeight:r,stickyContainerHeight:u,headerInitialHeight:c,currentScrollY:p,prevScrollY:T}),(d.indexOf("slide")>-1||d.indexOf("fade")>-1)&&function(t){var e=t.stickyContainer,r=t.startPosition,n=t.stickyComponents;t.isSticky?(-1===e.dataset.sticky.indexOf("yes")&&(e.dataset.sticky=["yes-start"].concat(w(n)).join(":"),setTimeout((function(){e.dataset.sticky=e.dataset.sticky.replace("yes-start","yes-end"),setTimeout((function(){e.dataset.sticky=e.dataset.sticky.replace("yes-end","yes")}),200)}),1)),O(e,"no")):-1===e.dataset.sticky.indexOf("yes-hide")&&e.dataset.sticky.indexOf("yes:")>-1&&(Math.abs(window.scrollY-r)>10?(e.dataset.sticky=n.join(":"),setTimeout((function(){Array.from(e.querySelectorAll("[data-row]")).map((function(t){return t.removeAttribute("style")}))}),300),O(e,"yes")):(e.dataset.sticky=["yes-hide-start"].concat(w(n)).join(":"),requestAnimationFrame((function(){e.dataset.sticky=e.dataset.sticky.replace("yes-hide-start","yes-hide-end"),setTimeout((function(){e.dataset.sticky=n.join(":"),setTimeout((function(){Array.from(e.querySelectorAll("[data-row]")).map((function(t){return t.removeAttribute("style")}))}),300),O(e,"yes")}),200)}))))}({stickyContainer:t,isSticky:f,startPosition:o,stickyComponents:d}),T=p}}},E=function(){if(document.querySelector("header [data-sticky]")){var t=window.width;window.addEventListener("resize",(function(e){window.width!==t&&(t=window.width,q(),Y(e),r().trigger("ct:header:update"))}),!1),window.addEventListener("orientationchange",(function(t){q(),Y(t),r().trigger("ct:header:update")})),window.addEventListener("scroll",Y,!1),window.addEventListener("load",Y,!1),Y()}};document.body.className.indexOf("e-preview")>-1?setTimeout((function(){E()}),500):E(),(0,n.registerDynamicChunk)("blocksy_sticky_header",{mount:function(t){}})}();
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/plugins/blocksy-companion/static/js/frontend/sticky.js

Line 266 in 52d0e62

''
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/plugins/blocksy-companion/static/js/helpers/useActivationAction.js

Line 109 in 52d0e62

history.navigate('/pro')
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/142.52ae544efaeaa302199b.js

Line 1 in 52d0e62

"use strict";(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[142],{142:function(t,e,n){n.r(e),n.d(e,{handleUpdate:function(){return d},mountMenuLevel:function(){return l}});var i=n(846);const s=function(t){return t.classList.contains("animated-submenu")&&(!t.parentNode.classList.contains("menu")||-1===t.className.indexOf("ct-mega-menu")&&t.parentNode.classList.contains("menu"))},a="undefined"!=typeof window&&window.navigator&&window.navigator.platform&&(/iP(ad|hone|od)/.test(window.navigator.platform)||"MacIntel"===window.navigator.platform&&window.navigator.maxTouchPoints>1),r=function(t,e){let{startPosition:n="end"}=e;const i=t.querySelector(".sub-menu"),s=function(t){const e=function(t,e){for(var n=[];t.parentNode;)t.parentNode&&t.parentNode.matches&&t.parentNode.matches("li.menu-item")&&n.push(t.parentNode),t=t.parentNode;return n[n.length-1]}(t);return e&&e.querySelector(".sub-menu .sub-menu .sub-menu")?e.getBoundingClientRect().left>innerWidth/2?"left":"right":"rtl"===document.querySelector("html").dir?"left":"right"}(i),{left:a,width:r,right:o}=i.getBoundingClientRect();let c=s,l=t.getBoundingClientRect();"left"===s&&("end"===n?l.left:l.right)-r<0&&(c="right"),"right"===s&&("end"===n?l.right:l.left)+r>innerWidth&&(c="left"),t.dataset.submenu=c,t.addEventListener("click",(function(){}))},o=function(t){const e=t.target.closest("li");e.classList.add("ct-active");let n=[...e.children].find((function(t){return t.matches(".ct-toggle-dropdown-desktop-ghost")}));n||(n=e.firstElementChild),n&&(n.setAttribute("aria-expanded","true"),"button"===n.tagName.toLowerCase()&&n.setAttribute("aria-label",ct_localizations.collapse_submenu)),u({target:e})},c=function(t){if(!t.target)return;const e=t.target.closest("li");e.classList.remove("ct-active");let n=[...e.children].find((function(t){return t.matches(".ct-toggle-dropdown-desktop-ghost")}));n||(n=e.firstElementChild),n&&(n.setAttribute("aria-expanded","false"),"button"===n.tagName.toLowerCase()&&n.setAttribute("aria-label",ct_localizations.expand_submenu)),setTimeout((function(){[...e.querySelectorAll("[data-submenu]")].map((function(t){t.removeAttribute("data-submenu")})),[...e.querySelectorAll(".ct-active")].map((function(t){t.classList.remove("ct-active")}))}),30)},l=function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};[...t.children].filter((function(t){return t.matches(".menu-item-has-children, .page_item_has_children")})).map((function(t){if(t.classList.contains("ct-mega-menu-custom-width")){const e=t.querySelector(".sub-menu"),n=t.getBoundingClientRect(),i=e.getBoundingClientRect();n.left+n.width/2+i.width/2>innerWidth&&(t.dataset.submenu="left"),n.left+n.width/2-i.width/2<0&&(t.dataset.submenu="right")}s(t)&&r(t,e);let n=[...t.children].find((function(t){return t.matches(".ct-toggle-dropdown-desktop-ghost")})),l=t.matches('[data-interaction*="click"] *');if(t.hasFocusEventListener||(t.hasFocusEventListener=!0,t.addEventListener("keydown",(function(e){27==e.keyCode&&c({target:t.firstElementChild})})),t.addEventListener("focusout",(function(e){t.contains(e.relatedTarget)||c({target:t.firstElementChild})}))),l||(t.addEventListener("mouseenter",(function(e){a?o({target:t.firstElementChild}):requestAnimationFrame((function(){o({target:t.firstElementChild})})),t.parentNode.classList.contains(".sub-menu")||[...t.parentNode.children].filter((function(e){return e!==t})).map((function(t){c({target:t.firstElementChild})})),e.target.closest("li").addEventListener("mouseleave",(function(){c({target:t.firstElementChild})}),{once:!0})})),(0,i.b)()&&t.addEventListener("click",(function(e){t.classList.contains("ct-active")||e.preventDefault()}))),l){let e=t.matches('[data-interaction*="item"] *')?t.firstElementChild:t.firstElementChild.querySelector(".ct-toggle-dropdown-desktop");e.hasEventListener||(e.hasEventListener=!0,e.addEventListener("click",(function(e){e.preventDefault(),e.target.closest("li").classList.contains("ct-active")?c(e):(o(e),a&&e.target.closest("li").addEventListener("mouseleave",(function(){c({target:t.firstElementChild})}),{once:!0}),e.target.hasDocumentListener||(e.target.hasDocumentListener=!0,setTimeout((function(){document.addEventListener("click",(function(t){e.target.closest("li").contains(t.target)||c(e)}))}))))})))}n&&!n.hasEventListener&&(n.hasEventListener=!0,n.addEventListener("click",(function(t){t.target.closest("li").classList.contains("ct-active")?c(t):o(t)})))}))},u=function(t){let{target:e}=t;if(e.matches(".menu-item-has-children, .page_item_has_children")||(e=e.closest(".menu-item-has-children, .page_item_has_children")),e.parentNode.classList.contains("menu")&&e.className.indexOf("ct-mega-menu")>-1&&-1===e.className.indexOf("ct-mega-menu-custom-width")&&window.wp&&wp&&wp.customize&&wp.customize("active_theme")&&(e.querySelector(".sub-menu").style.left=Math.round(e.closest('[class*="ct-container"]').firstElementChild.getBoundingClientRect().x)-Math.round(e.closest("nav").getBoundingClientRect().x)+"px"),!s(e))return;const n=e.querySelector(".sub-menu");l(n),n.closest('[data-interaction="hover"]')&&n.parentNode.addEventListener("mouseleave",(function(){[...n.children].filter((function(t){return s(t)})).map((function(t){return t.removeAttribute("data-submenu")}))}),{once:!0})},d=function(t){t.parentNode||(t=document.querySelector(`[class="${t.className}"]`)),t&&(t.querySelector(".menu-item-has-children")||t.querySelector(".page_item_has_children"))&&t.closest('[data-interaction="hover"]')&&(t.removeEventListener("mouseenter",u),t.addEventListener("mouseenter",u))}}}]);
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/308.b59318afcbb9e19a1fa6.js

Line 2 in 52d0e62

(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[308],{308:function(t,e,i){"use strict";i.r(e),i.d(e,{mount:function(){return a}});var n=i(48),o=i.n(n),s=i(139),r=i(601),l=i.n(r);o().imagesLoaded=function(t,e){return e()},o().Button.prototype.hide=function(){};const a=function(t){let e=[...t.parentNode.children].find((function(t){return t.classList.contains("products")||t.classList.contains("entries")}));if(!t)return;let i=t.dataset.pagination;if(i.indexOf("simple")>-1)return;if(i.indexOf("next_prev")>-1)return;if(!t.querySelector(".next"))return;if(t.infiniteScroll)return;let n=new(o())(e,{checkLastPage:".ct-pagination .next",path:".ct-pagination .next",append:h(e),button:"load_more"===i?t.querySelector(".ct-load-more"):null,outlayer:null,scrollThreshold:"infinite_scroll"===i&&400,onInit(){this.on("load",(function(e){t.querySelector(".ct-load-more-helper").classList.remove("ct-loading"),setTimeout((function(){l().trigger("ct:infinite-scroll:load"),l().trigger("blocksy:frontend:init"),l().trigger("blocksy:parallax:init"),window.jQuery&&jQuery(document.body).trigger("wc_price_based_country_ajax_geolocation")}),100)})),this.on("append",(function(){return(0,s.Z)(e)})),this.on("request",(function(){t.querySelector(".ct-load-more-helper").classList.add("ct-loading")})),this.on("last",(function(){t.classList.add(t.querySelector(".ct-last-page-text")?"ct-last-page":"ct-last-page-no-info")}))}});t.infiniteScroll=n};function h(t){if([...t.parentNode.children].indexOf(t),t.closest(".ct-posts-shortcode")){let e=[...t.parentNode.parentNode.children].indexOf(t.parentNode);return t.classList.contains("products")?`.ct-posts-shortcode:nth-child(${e+1}) .products > li`:`.ct-posts-shortcode:nth-child(${e+1}) .entries > *`}return t.classList.contains("products")?"#main .products > li":"section > .entries > *"}},158:function(t){var e,i;e="undefined"!=typeof window?window:this,i=function(){function t(){}let e=t.prototype;return e.on=function(t,e){if(!t||!e)return this;let i=this._events=this._events||{},n=i[t]=i[t]||[];return n.includes(e)||n.push(e),this},e.once=function(t,e){if(!t||!e)return this;this.on(t,e);let i=this._onceEvents=this._onceEvents||{};return(i[t]=i[t]||{})[e]=!0,this},e.off=function(t,e){let i=this._events&&this._events[t];if(!i||!i.length)return this;let n=i.indexOf(e);return-1!=n&&i.splice(n,1),this},e.emitEvent=function(t,e){let i=this._events&&this._events[t];if(!i||!i.length)return this;i=i.slice(0),e=e||[];let n=this._onceEvents&&this._onceEvents[t];for(let o of i)n&&n[o]&&(this.off(t,o),delete n[o]),o.apply(this,e);return this},e.allOff=function(){return delete this._events,delete this._onceEvents,this},t},t.exports?t.exports=i():e.EvEmitter=i()},47:function(t){var e,i;e=this,i=function(t){let e={extend:function(t,e){return Object.assign(t,e)},modulo:function(t,e){return(t%e+e)%e},makeArray:function(t){return Array.isArray(t)?t:null==t?[]:"object"==typeof t&&"number"==typeof t.length?[...t]:[t]},removeFrom:function(t,e){let i=t.indexOf(e);-1!=i&&t.splice(i,1)},getParent:function(t,e){for(;t.parentNode&&t!=document.body;)if((t=t.parentNode).matches(e))return t},getQueryElement:function(t){return"string"==typeof t?document.querySelector(t):t},handleEvent:function(t){let e="on"+t.type;this[e]&&this[e](t)},filterFindElements:function(t,i){return(t=e.makeArray(t)).filter((t=>t instanceof HTMLElement)).reduce(((t,e)=>{if(!i)return t.push(e),t;e.matches(i)&&t.push(e);let n=e.querySelectorAll(i);return t.concat(...n)}),[])},debounceMethod:function(t,e,i){i=i||100;let n=t.prototype[e],o=e+"Timeout";t.prototype[e]=function(){clearTimeout(this[o]);let t=arguments;this[o]=setTimeout((()=>{n.apply(this,t),delete this[o]}),i)}},docReady:function(t){let e=document.readyState;"complete"==e||"interactive"==e?setTimeout(t):document.addEventListener("DOMContentLoaded",t)},toDashed:function(t){return t.replace(/(.)([A-Z])/g,(function(t,e,i){return e+"-"+i})).toLowerCase()}},i=t.console;return e.htmlInit=function(n,o){e.docReady((function(){let s="data-"+e.toDashed(o),r=document.querySelectorAll(`[${s}]`),l=t.jQuery;[...r].forEach((t=>{let e,r=t.getAttribute(s);try{e=r&&JSON.parse(r)}catch(e){return void(i&&i.error(`Error parsing ${s} on ${t.className}: ${e}`))}let a=new n(t,e);l&&l.data(t,o,a)}))}))},e},t.exports?t.exports=i(e):e.fizzyUIUtils=i(e)},163:function(t,e,i){!function(e,n){t.exports?t.exports=n(0,i(717),i(47)):n(0,e.InfiniteScroll,e.fizzyUIUtils)}(window,(function(t,e,i){class n{constructor(t,e){this.element=t,this.infScroll=e,this.clickHandler=this.onClick.bind(this),this.element.addEventListener("click",this.clickHandler),e.on("request",this.disable.bind(this)),e.on("load",this.enable.bind(this)),e.on("error",this.hide.bind(this)),e.on("last",this.hide.bind(this))}onClick(t){t.preventDefault(),this.infScroll.loadNextPage()}enable(){this.element.removeAttribute("disabled")}disable(){this.element.disabled="disabled"}hide(){this.element.style.display="none"}destroy(){this.element.removeEventListener("click",this.clickHandler)}}return e.create.button=function(){let t=i.getQueryElement(this.options.button);t&&(this.button=new n(t,this))},e.destroy.button=function(){this.button&&this.button.destroy()},e.Button=n,e}))},717:function(t,e,i){!function(e,n){t.exports?t.exports=n(e,i(158),i(47)):e.InfiniteScroll=n(e,e.EvEmitter,e.fizzyUIUtils)}(window,(function(t,e,i){let n=t.jQuery,o={};function s(t,e){let r=i.getQueryElement(t);if(r){if((t=r).infiniteScrollGUID){let i=o[t.infiniteScrollGUID];return i.option(e),i}this.element=t,this.options={...s.defaults},this.option(e),n&&(this.$element=n(this.element)),this.create()}else console.error("Bad element for InfiniteScroll: "+(r||t))}s.defaults={},s.create={},s.destroy={};let r=s.prototype;Object.assign(r,e.prototype);let l=0;r.create=function(){let t=this.guid=++l;if(this.element.infiniteScrollGUID=t,o[t]=this,this.pageIndex=1,this.loadCount=0,this.updateGetPath(),this.getPath&&this.getPath()){this.updateGetAbsolutePath(),this.log("initialized",[this.element.className]),this.callOnInit();for(let t in s.create)s.create[t].call(this)}else console.error("Disabling InfiniteScroll")},r.option=function(t){Object.assign(this.options,t)},r.callOnInit=function(){let t=this.options.onInit;t&&t.call(this,this)},r.dispatchEvent=function(t,e,i){this.log(t,i);let o=e?[e].concat(i):i;if(this.emitEvent(t,o),!n||!this.$element)return;let s=t+=".infiniteScroll";if(e){let i=n.Event(e);i.type=t,s=i}this.$element.trigger(s,i)};let a={initialized:t=>`on ${t}`,request:t=>`URL: ${t}`,load:(t,e)=>`${t.title||""}. URL: ${e}`,error:(t,e)=>`${t}. URL: ${e}`,append:(t,e,i)=>`${i.length} items. URL: ${e}`,last:(t,e)=>`URL: ${e}`,history:(t,e)=>`URL: ${e}`,pageIndex:function(t,e){return`current page determined to be: ${t} from ${e}`}};r.log=function(t,e){if(!this.options.debug)return;let i=`[InfiniteScroll] ${t}`,n=a[t];n&&(i+=". "+n.apply(this,e)),console.log(i)},r.updateMeasurements=function(){this.windowHeight=t.innerHeight;let e=this.element.getBoundingClientRect();this.top=e.top+t.scrollY},r.updateScroller=function(){let e=this.options.elementScroll;if(e){if(this.scroller=!0===e?this.element:i.getQueryElement(e),!this.scroller)throw new Error(`Unable to find elementScroll: ${e}`)}else this.scroller=t},r.updateGetPath=function(){let t=this.options.path;if(!t)return void console.error(`InfiniteScroll path option required. Set as: ${t}`);let e=typeof t;"function"!=e?"string"==e&&t.match("{{#}}")?this.updateGetPathTemplate(t):this.updateGetPathSelector(t):this.getPath=t},r.updateGetPathTemplate=function(t){this.getPath=()=>{let e=this.pageIndex+1;return t.replace("{{#}}",e)};let e=t.replace(/(\\\?|\?)/,"\\?").replace("{{#}}","(\\d\\d?\\d?)"),i=new RegExp(e),n=location.href.match(i);n&&(this.pageIndex=parseInt(n[1],10),this.log("pageIndex",[this.pageIndex,"template string"]))};let h=[/^(.*?\/?page\/?)(\d\d?\d?)(.*?$)/,/^(.*?\/?\?page=)(\d\d?\d?)(.*?$)/,/(.*?)(\d\d?\d?)(?!.*\d)(.*?$)/],c=s.getPathParts=function(t){if(t)for(let e of h){let i=t.match(e);if(i){let[,t,e,n]=i;return{begin:t,index:e,end:n}}}};r.updateGetPathSelector=function(t){let e=document.querySelector(t);if(!e)return void console.error(`Bad InfiniteScroll path option. Next link not found: ${t}`);let i=e.getAttribute("href"),n=c(i);if(!n)return void console.error(`InfiniteScroll unable to parse next link href: ${i}`);let{begin:o,index:s,end:r}=n;this.isPathSelector=!0,this.getPath=()=>o+(this.pageIndex+1)+r,this.pageIndex=parseInt(s,10)-1,this.log("pageIndex",[this.pageIndex,"next link"])},r.updateGetAbsolutePath=function(){let t=this.getPath();if(t.match(/^http/)||t.match(/^\//))return void(this.getAbsolutePath=this.getPath);let{pathname:e}=location,i=t.match(/^\?/),n=e.substring(0,e.lastIndexOf("/")),o=i?e:n+"/";this.getAbsolutePath=()=>o+this.getPath()},s.create.hideNav=function(){let t=i.getQueryElement(this.options.hideNav);t&&(t.style.display="none",this.nav=t)},s.destroy.hideNav=function(){this.nav&&(this.nav.style.display="")},r.destroy=function(){this.allOff();for(let t in s.destroy)s.destroy[t].call(this);delete this.element.infiniteScrollGUID,delete o[this.guid],n&&this.$element&&n.removeData(this.element,"infiniteScroll")},s.throttle=function(t,e){let i,n;return e=e||200,function(){let o=+new Date,s=arguments,r=()=>{i=o,t.apply(this,s)};i&&o<i+e?(clearTimeout(n),n=setTimeout(r,e)):r()}},s.data=function(t){let e=(t=i.getQueryElement(t))&&t.infiniteScrollGUID;return e&&o[e]},s.setJQuery=function(t){n=t},i.htmlInit(s,"infinite-scroll"),r._init=function(){};let{jQueryBridget:u}=t;return n&&u&&u("infiniteScroll",s,n),s}))},774:function(t,e,i){!function(e,n){t.exports?t.exports=n(e,i(717),i(47)):n(e,e.InfiniteScroll,e.fizzyUIUtils)}(window,(function(t,e,i){let n=e.prototype;Object.assign(e.defaults,{history:"replace"});let o=document.createElement("a");return e.create.history=function(){this.options.history&&(o.href=this.getAbsolutePath(),(o.origin||o.protocol+"//"+o.host)==location.origin?this.options.append?this.createHistoryAppend():this.createHistoryPageLoad():console.error(`[InfiniteScroll] cannot set history with different origin: ${o.origin} on ${location.origin} . History behavior disabled.`))},n.createHistoryAppend=function(){this.updateMeasurements(),this.updateScroller(),this.scrollPages=[{top:0,path:location.href,title:document.title}],this.scrollPage=this.scrollPages[0],this.scrollHistoryHandler=this.onScrollHistory.bind(this),this.unloadHandler=this.onUnload.bind(this),this.scroller.addEventListener("scroll",this.scrollHistoryHandler),this.on("append",this.onAppendHistory),this.bindHistoryAppendEvents(!0)},n.bindHistoryAppendEvents=function(e){let i=e?"addEventListener":"removeEventListener";this.scroller[i]("scroll",this.scrollHistoryHandler),t[i]("unload",this.unloadHandler)},n.createHistoryPageLoad=function(){this.on("load",this.onPageLoadHistory)},e.destroy.history=n.destroyHistory=function(){this.options.history&&this.options.append&&this.bindHistoryAppendEvents(!1)},n.onAppendHistory=function(t,e,i){if(!i||!i.length)return;let n=i[0],s=this.getElementScrollY(n);o.href=e,this.scrollPages.push({top:s,path:o.href,title:t.title})},n.getElementScrollY=function(e){return this.options.elementScroll?e.offsetTop-this.top:e.getBoundingClientRect().top+t.scrollY},n.onScrollHistory=function(){let t=this.getClosestScrollPage();t!=this.scrollPage&&(this.scrollPage=t,this.setHistory(t.title,t.path))},i.debounceMethod(e,"onScrollHistory",150),n.getClosestScrollPage=function(){let e,i;e=this.options.elementScroll?this.scroller.scrollTop+this.scroller.clientHeight/2:t.scrollY+this.windowHeight/2;for(let t of this.scrollPages){if(t.top>=e)break;i=t}return i},n.setHistory=function(t,e){let i=this.options.history;i&&history[i+"State"]&&(history[i+"State"](null,t,e),this.options.historyTitle&&(document.title=t),this.dispatchEvent("history",null,[t,e]))},n.onUnload=function(){if(0===this.scrollPage.top)return;let e=t.scrollY-this.scrollPage.top+this.top;this.destroyHistory(),scrollTo(0,e)},n.onPageLoadHistory=function(t,e){this.setHistory(t.title,e)},e}))},48:function(t,e,i){var n;window,t.exports&&(t.exports=(n=i(717),i(484),i(610),i(774),i(163),i(792),n))},484:function(t,e,i){!function(e,n){t.exports?t.exports=n(e,i(717)):n(e,e.InfiniteScroll)}(window,(function(t,e){let i=e.prototype;Object.assign(e.defaults,{loadOnScroll:!0,checkLastPage:!0,responseBody:"text",domParseResponse:!0}),e.create.pageLoad=function(){this.canLoad=!0,this.on("scrollThreshold",this.onScrollThresholdLoad),this.on("load",this.checkLastPage),this.options.outlayer&&this.on("append",this.onAppendOutlayer)},i.onScrollThresholdLoad=function(){this.options.loadOnScroll&&this.loadNextPage()};let n=new DOMParser;function o(t){let e=document.createDocumentFragment();return t&&e.append(...t),e}return i.loadNextPage=function(){if(this.isLoading||!this.canLoad)return;let{responseBody:t,domParseResponse:e,fetchOptions:i}=this.options,o=this.getAbsolutePath();this.isLoading=!0,"function"==typeof i&&(i=i());let s=fetch(o,i).then((i=>{if(!i.ok){let t=new Error(i.statusText);return this.onPageError(t,o,i),{response:i}}return i[t]().then((s=>("text"==t&&e&&(s=n.parseFromString(s,"text/html")),204==i.status?(this.lastPageReached(s,o),{body:s,response:i}):this.onPageLoad(s,o,i))))})).catch((t=>{this.onPageError(t,o)}));return this.dispatchEvent("request",null,[o,s]),s},i.onPageLoad=function(t,e,i){return this.options.append||(this.isLoading=!1),this.pageIndex++,this.loadCount++,this.dispatchEvent("load",null,[t,e,i]),this.appendNextPage(t,e,i)},i.appendNextPage=function(t,e,i){let{append:n,responseBody:s,domParseResponse:r}=this.options;if("text"!=s||!r||!n)return{body:t,response:i};let l=t.querySelectorAll(n),a={body:t,response:i,items:l};if(!l||!l.length)return this.lastPageReached(t,e),a;let h=o(l),c=()=>(this.appendItems(l,h),this.isLoading=!1,this.dispatchEvent("append",null,[t,e,l,i]),a);return this.options.outlayer?this.appendOutlayerItems(h,c):c()},i.appendItems=function(t,e){t&&t.length&&(function(t){let e=t.querySelectorAll("script");for(let t of e){let e=document.createElement("script"),i=t.attributes;for(let t of i)e.setAttribute(t.name,t.value);e.innerHTML=t.innerHTML,t.parentNode.replaceChild(e,t)}}(e=e||o(t)),this.element.appendChild(e))},i.appendOutlayerItems=function(i,n){let o=e.imagesLoaded||t.imagesLoaded;return o?new Promise((function(t){o(i,(function(){let e=n();t(e)}))})):(console.error("[InfiniteScroll] imagesLoaded required for outlayer option"),void(this.isLoading=!1))},i.onAppendOutlayer=function(t,e,i){this.options.outlayer.appended(i)},i.checkLastPage=function(t,e){let i,{checkLastPage:n,path:o}=this.options;if(n){if("function"==typeof o&&!this.getPath())return void this.lastPageReached(t,e);"string"==typeof n?i=n:this.isPathSelector&&(i=o),i&&t.querySelector&&(t.querySelector(i)||this.lastPageReached(t,e))}},i.lastPageReached=function(t,e){this.canLoad=!1,this.dispatchEvent("last",null,[t,e])},i.onPageError=function(t,e,i){return this.isLoading=!1,this.canLoad=!1,this.dispatchEvent("error",null,[t,e,i]),t},e.create.prefill=function(){if(!this.options.prefill)return;let t=this.options.append;t?(this.updateMeasurements(),this.updateScroller(),this.isPrefilling=!0,this.on("append",this.prefill),this.once("error",this.stopPrefill),this.once("last",this.stopPrefill),this.prefill()):console.error(`append option required for prefill. Set as :${t}`)},i.prefill=function(){let t=this.getPrefillDistance();this.isPrefilling=t>=0,this.isPrefilling?(this.log("prefill"),this.loadNextPage()):this.stopPrefill()},i.getPrefillDistance=function(){return this.options.elementScroll?this.scroller.clientHeight-this.scroller.scrollHeight:this.windowHeight-this.element.clientHeight},i.stopPrefill=function(){this.log("stopPrefill"),this.off("append",this.prefill)},e}))},610:function(t,e,i){!function(e,n){t.exports?t.exports=n(e,i(717),i(47)):n(e,e.InfiniteScroll,e.fizzyUIUtils)}(window,(function(t,e,i){let n=e.prototype;return Object.assign(e.defaults,{scrollThreshold:400}),e.create.scrollWatch=function(){this.pageScrollHandler=this.onPageScroll.bind(this),this.resizeHandler=this.onResize.bind(this);let t=this.options.scrollThreshold;(t||0===t)&&this.enableScrollWatch()},e.destroy.scrollWatch=function(){this.disableScrollWatch()},n.enableScrollWatch=function(){this.isScrollWatching||(this.isScrollWatching=!0,this.updateMeasurements(),this.updateScroller(),this.on("last",this.disableScrollWatch),this.bindScrollWatchEvents(!0))},n.disableScrollWatch=function(){this.isScrollWatching&&(this.bindScrollWatchEvents(!1),delete this.isScrollWatching)},n.bindScrollWatchEvents=function(e){let i=e?"addEventListener":"removeEventListener";this.scroller[i]("scroll",this.pageScrollHandler),t[i]("resize",this.resizeHandler)},n.onPageScroll=e.throttle((function(){this.getBottomDistance()<=this.options.scrollThreshold&&this.dispatchEvent("scrollThreshold")})),n.getBottomDistance=function(){let e,i;return this.options.elementScroll?(e=this.scroller.scrollHeight,i=this.scroller.scrollTop+this.scroller.clientHeight):(e=this.top+this.element.clientHeight,i=t.scrollY+this.windowHeight),e-i},n.onResize=function(){this.updateMeasurements()},i.debounceMethod(e,"onResize",150),e}))},792:function(t,e,i){!function(e,n){t.exports?t.exports=n(0,i(717),i(47)):n(0,e.InfiniteScroll,e.fizzyUIUtils)}(window,(function(t,e,i){let n=e.prototype;function o(t){r(t,"none")}function s(t){r(t,"block")}function r(t,e){t&&(t.style.display=e)}return e.create.status=function(){let t=i.getQueryElement(this.options.status);t&&(this.statusElement=t,this.statusEventElements={request:t.querySelector(".infinite-scroll-request"),error:t.querySelector(".infinite-scroll-error"),last:t.querySelector(".infinite-scroll-last")},this.on("request",this.showRequestStatus),this.on("error",this.showErrorStatus),this.on("last",this.showLastStatus),this.bindHideStatus("on"))},n.bindHideStatus=function(t){let e=this.options.append?"append":"load";this[t](e,this.hideAllStatus)},n.showRequestStatus=function(){this.showStatus("request")},n.showErrorStatus=function(){this.showStatus("error")},n.showLastStatus=function(){this.showStatus("last"),this.bindHideStatus("off")},n.showStatus=function(t){s(this.statusElement),this.hideStatusEventElements(),s(this.statusEventElements[t])},n.hideAllStatus=function(){o(this.statusElement),this.hideStatusEventElements()},n.hideStatusEventElements=function(){for(let t in this.statusEventElements)o(this.statusEventElements[t])},e}))}}]);
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/321.3a60ac255380431c2284.js

Line 1 in 52d0e62

"use strict";(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[321],{321:function(e,t,o){o.r(t),o.d(t,{mount:function(){return a}});var i=o(194),c=o.n(i);function n(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,i)}return o}function r(e){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{};t%2?n(Object(o),!0).forEach((function(t){s(e,t,o[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(o)):n(Object(o)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(o,t))}))}return e}function s(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function l(){try{return document.createEvent("TouchEvent"),!0}catch(e){return!1}}o(601);const a=function(e,t){let{event:o}=t;const i=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;if(e.closest(".elementor-section-wrap"))return;var o=c()(".pswp")[0],i=c()(e),n=i;const r=[...e.closest(".woocommerce-product-gallery").querySelectorAll(".flexy-items .ct-image-container img:not(.zoomImg), .woocommerce-product-gallery > .ct-image-container img:not(.zoomImg), .flexy-items .ct-image-container video, .woocommerce-product-gallery > .ct-image-container video, .flexy-items .ct-image-container iframe, .woocommerce-product-gallery > .ct-image-container iframe")].map((function(e){return e.matches("video")||e.matches("iframe")?{html:`<div class="ct-lightbox-video-container">${e.outerHTML}</div>`}:{img:e,src:e.closest("a")?e.closest("a").href:e.src,w:(e.closest("a")?e.closest("a").dataset.width:e.width)||e.width,h:(e.closest("a")?e.closest("a").dataset.height:e.width)||e.width,title:e.getAttribute("data-caption")}}));if(1!==r.length||!r[0].img.closest("a")||r[0].img.closest("a").getAttribute("href")){var s=c().extend({index:0===t?0:t||c()(n).index(),addCaptionHTMLFn:function(e,t){return e.title?(t.children[0].textContent=e.title,!0):(t.children[0].textContent="",!1)}},{shareEl:!1,closeOnScroll:!1,history:!1,hideAnimationDuration:0,showAnimationDuration:0}),l=new PhotoSwipe(o,PhotoSwipeUI_Default,r,s);l.init(),document.body.classList.add("ct-photoswipe-open"),l.listen("close",(function(){setTimeout((function(){document.body.classList.remove("ct-photoswipe-open"),[...document.querySelectorAll(".ct-lightbox-video-container")].map((function(e){return e.remove()}))}),300)}))}};o&&l()&&"click"===o.type&&setTimeout((function(){o.target&&o.target.click&&o.target.click()})),function(){let{onlyZoom:e=!1}=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},t=[...document.querySelectorAll(".woocommerce-product-gallery .woocommerce-product-gallery__trigger")];[...document.querySelectorAll(".single-product .flexy-items .ct-image-container, .single-product .woocommerce-product-gallery > .ct-image-container")].map((function(o){if(!(window.wp&&wp.customize&&wp.customize("has_product_single_lightbox")&&"yes"===wp.customize("has_product_single_lightbox")())&&window.wp&&window.wp.customize||e||o.hasPhotoswipeListener||(o.hasPhotoswipeListener=!0,o.addEventListener("click",(function(e){if(e.preventDefault(),t.length>0)return;let c=0;c=[...o.parentNode.querySelectorAll(".ct-image-container")].indexOf(o),o.closest(".flexy-items")&&(c=[...o.closest(".flexy-items").children].indexOf(o.parentNode)),window.PhotoSwipe&&i(o,c)}))),c().fn.zoom&&(window.wp&&wp.customize&&wp.customize("has_product_single_zoom")&&"yes"===wp.customize("has_product_single_zoom")()||!window.wp||!window.wp.customize)){const e=o.getBoundingClientRect();if(o.closest(".elementor-section-wrap"))return;if(o.querySelector("iframe"))return;if(o.querySelector("video"))return;parseFloat(o.getAttribute("data-width"))>o.closest(".woocommerce-product-gallery").getBoundingClientRect().width&&c()(o).zoom(r(r({url:o.href,touch:!1,duration:50},e.width>parseFloat(o.dataset.width)||e.height>parseFloat(o.dataset.height)?{magnify:2}:{}),l()?{on:"toggle"}:{}))}})),c().fn.zoom&&(window.wp&&wp.customize&&wp.customize("has_product_single_zoom")&&"yes"===wp.customize("has_product_single_zoom")()||!window.wp||!window.wp.customize)&&setTimeout((function(){o&&(o.target.closest(".elementor-section-wrap")||(o.target.closest(".flexy-items")||o.target.closest(".ct-image-container")&&o.target.closest(".ct-image-container").parentNode.classList.contains("woocommerce-product-gallery"))&&c()(o.target.closest(".ct-image-container")).trigger(l()?"click.zoom":"mouseenter.zoom"))}),150),t.map((function(e){e.hasPhotoswipeListener||(e.hasPhotoswipeListener=!0,e.addEventListener("click",(function(t){if(t.preventDefault(),t.stopPropagation(),!e.closest(".ct-image-container")||e.closest(".flexy-items")){if(e.closest(".ct-image-container")&&e.closest(".flexy-items")&&e.closest(".ct-columns-top-gallery"))window.PhotoSwipe&&i(e.closest(".ct-image-container"),[...e.closest(".ct-image-container").parentNode.parentNode.children].indexOf(e.closest(".ct-image-container").parentNode));else if(document.querySelector(".single-product .woocommerce-product-gallery > .ct-image-container")&&window.PhotoSwipe&&i(document.querySelector(".single-product .woocommerce-product-gallery > .ct-image-container")),document.querySelector(".single-product .flexy-items .ct-image-container")){let e=document.querySelector(".single-product .flexy-pills"),t=Array.from(e.querySelector(".active").parentNode.children).indexOf(e.querySelector(".active")||e.firstElementChild);window.PhotoSwipe&&i(document.querySelector(".single-product .flexy-items").children[t].firstElementChild,t)}}else window.PhotoSwipe&&i(e.closest(".ct-image-container"))})))}))}()}}}]);
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/36.870e0c3aa08c92b9f4dc.js

Line 1 in 52d0e62

"use strict";(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[36],{36:function(t,e,o){o.r(e),o.d(e,{mount:function(){return a}});var n=o(194),c=o.n(n),r=o(601),i=o.n(r);let u=!1;const a=function(){if(!c())return;const t='.ct-header-cart, .ct-shortcuts-container [data-id="cart"]';if(u)return;u=!0,c()(document.body).on("adding_to_cart",(function(){return[...document.querySelectorAll(t)].map((function(t){t.closest(".ct-shortcuts-container")||(t=t.firstElementChild),t.classList.remove("ct-added"),t.classList.add("ct-adding")}))})),c()(document.body).on("wc_fragments_loaded",(function(){setTimeout((function(){return i().trigger("ct:popper-elements:update")})),setTimeout((function(){return i().trigger("blocksy:frontend:init")}))})),c()(document.body).on("wc_cart_button_updated",(function(){setTimeout((function(){[...document.querySelectorAll(t)].map((function(t,e){e>0||!document.querySelector(".quick-view-modal.active")&&(!document.body.classList.contains("single-product")&&t.querySelector('[data-auto-open*="archive"]')||document.body.classList.contains("single-product")&&t.querySelector('[data-auto-open*="product"]'))&&(t.querySelector("[data-auto-open]").focusDisabled=!0,t.querySelector("[data-auto-open]").click())}))}),100)})),c()(document.body).on("added_to_cart",(function(e,o,n,c,r){c=c[0],[...document.querySelectorAll(t)].map((function(t,e){let n=t;t.closest(".ct-shortcuts-container")||(n=t.firstElementChild),n.classList.remove("ct-adding"),n.classList.add("ct-added"),document.querySelector(".ct-cart-content")&&t.querySelector(".ct-cart-content")&&(t.querySelector(".ct-cart-content").innerHTML=Object.values(o)[0],t.querySelector(".ct-cart-total")&&t.querySelector(".ct-cart-content .woocommerce-mini-cart__total .woocommerce-Price-amount")&&(t.querySelector(".ct-cart-total").firstElementChild.innerHTML=t.querySelector(".ct-cart-content .woocommerce-mini-cart__total .woocommerce-Price-amount").innerHTML))}))})),c()(document.body).on("removed_from_cart",(function(e,o,n,c){return[...document.querySelectorAll(t)].map((function(t){if(c)try{c[0].closest("li").parentNode.removeChild(c[0].closest("li"))}catch(t){}}))})),c()(document).on("uael_quick_view_loader_stop",(function(){i().trigger("ct:add-to-cart:quantity")})),c()(document).on("facetwp-loaded",(function(){i().trigger("ct:custom-select:init")})),c()(window).on("wpf_ajax_success",(function(){i().trigger("blocksy:frontend:init")})),c()(document).on("prdctfltr-reload",(function(){i().trigger("blocksy:frontend:init")})),setTimeout((function(){if(window.woof_mass_reinit){const t=window.woof_mass_reinit;window.woof_mass_reinit=function(){i().trigger("blocksy:frontend:init"),t()}}}),1e3);const e=function(){let t=document.querySelector(".ct-header-cart .ct-cart-content");t&&t.removeAttribute("style")};c()(document.body).on("wc_fragments_refreshed",(function(){setTimeout((function(){i().trigger("blocksy:frontend:init"),i().trigger("ct:popper-elements:update"),e()}))})),c()(document.body).on("wc_fragments_loaded",(function(){setTimeout((function(){i().trigger("blocksy:frontend:init"),i().trigger("ct:popper-elements:update"),e()}))}))}}}]);
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/38.4d46d7a7deb5d9fd6412.js

Line 1 in 52d0e62

(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[38],{38:function(e,t,n){"use strict";n.r(t),n.d(t,{handleClick:function(){return P},mount:function(){return q}});var o=n(891);const r="undefined"!=typeof window&&window.navigator&&window.navigator.platform&&(/iP(ad|hone|od)/.test(window.navigator.platform)||"MacIntel"===window.navigator.platform&&window.navigator.maxTouchPoints>1);var c=function(e){r?(0,o.clearAllBodyScrollLocks)():(document.body.style.overflow="",document.body.style.removeProperty("--scrollbar-width"))},i=function(e){if(r)e&&(0,o.disableBodyScroll)(e,{allowTouchMove:function(e){return!!e.closest(".select2-container")}});else{let e=window.innerWidth-document.documentElement.clientWidth;e>0&&document.body.style.setProperty("--scrollbar-width",`${e}px`),document.body.style.overflow="hidden"}};const a=function(){return window.ctFrontend&&window.ctFrontend.scrollLockManager||(window.ctFrontend=window.ctFrontend||{},window.ctFrontend.scrollLockManager={enable:c,disable:i}),window.ctFrontend.scrollLockManager};var l=n(601),s=n.n(l);const u=function(e){if(!e)return;const t=e.querySelector(".ct-toggle-dropdown-mobile");e.classList.contains("dropdown-active")?(t.setAttribute("aria-expanded","false"),t.setAttribute("aria-label",ct_localizations.expand_submenu),function(e,t){const n=e.querySelector("ul");requestAnimationFrame((function(){const e=n.getBoundingClientRect().height;n.style.height=`${e}px`,n.classList.add("is-animating"),requestAnimationFrame((function(){n.style.height="0px",d(n,(function(){n.classList.remove("is-animating"),n.removeAttribute("style"),t()}))}))}))}(e,(function(){e.classList.toggle("dropdown-active"),[...e.querySelectorAll(".menu-item-has-children.dropdown-active, .page_item_has_children.dropdown-active")].map((function(e){return e.classList.remove("dropdown-active")}))}))):(t.setAttribute("aria-expanded","true"),t.setAttribute("aria-label",ct_localizations.collapse_submenu),[...e.parentNode.children].map((function(e){return e.classList.contains("dropdown-active")&&u(e)})),e.classList.toggle("dropdown-active"),function(e){const t=e.querySelector("ul");requestAnimationFrame((function(){const e=t.getBoundingClientRect().height;t.style.height="0px",t.classList.add("is-animating"),requestAnimationFrame((function(){t.style.height=`${e}px`,d(t,(function(){t.classList.remove("is-animating"),t.removeAttribute("style")}))}))}))}(e))};function d(e,t){const n=function(o){o.target===e&&(e.removeEventListener("transitionend",n),t())};e.addEventListener("transitionend",n)}var f=n(130),m=n(846);function v(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function p(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?v(Object(n),!0).forEach((function(t){g(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):v(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function g(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const h=["button:enabled:not([readonly])","select:enabled:not([readonly])","textarea:enabled:not([readonly])","input:enabled:not([readonly])","a[href]","area[href]","iframe","object","embed","[tabindex]","[contenteditable]","[autofocus]"];let y=null;const b=function(e){if(!y)return;let t=[...y.querySelectorAll(h.join(","))];y.querySelector('[data-device="mobile"]')&&"mobile"!==(0,f.C)()&&(t=t.filter((function(e){return!e.closest('[data-device="mobile"]')})));const n=t[0],o=t[t.length-1];"Tab"!==e.key&&9!==e.keyCode||(t.includes(document.activeElement)||(n.focus(),e.preventDefault()),e.shiftKey?document.activeElement===n&&(o.focus(),e.preventDefault()):document.activeElement===o&&(n.focus(),e.preventDefault()))},w=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};if(t=p({focusOnMount:!0},t),y&&y!==e)return;const n=e.querySelectorAll(h.join(","));0!==n.length&&(y=e,document.addEventListener("keydown",b),t.focusOnMount&&!(0,m.b)()&&setTimeout((function(){n[0].focus()}),200))},L=function(e){e.removeEventListener("keydown",b),y=null},S=function(){return window.ctFrontend&&window.ctFrontend.focusLockManager||(window.ctFrontend=window.ctFrontend||{},window.ctFrontend.focusLockManager={focusLockOn:w,focusLockOff:L}),window.ctFrontend.focusLockManager};function O(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function k(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?O(Object(n),!0).forEach((function(t){E(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):O(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function E(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const A=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};if(e=k({onClose:function(){},container:null},e),t=k({closeInstant:!1,shouldFocusOriginalTrigger:!0},t),!document.body.hasAttribute("data-panel"))return e.container.classList.remove("active"),void e.onClose();[...document.querySelectorAll(`[data-toggle-panel*="${e.container.id}"]`),...document.querySelectorAll(`[href*="${e.container.id}"]`)].map((function(e,n){e.setAttribute("aria-expanded","false"),t.shouldFocusOriginalTrigger&&!(0,m.b)()&&(e.focusDisabled||setTimeout((function(){0===n&&e.focus()}),50),e.focusDisabled=!1)})),e.container.classList.remove("active"),t.closeInstant?(document.body.removeAttribute("data-panel"),s().trigger("ct:modal:closed",e.container),a().enable(e.computeScrollContainer?e.computeScrollContainer():e.container.querySelector(".ct-panel-content"))):(document.body.dataset.panel="out",e.container.addEventListener("transitionend",(function(){setTimeout((function(){document.body.removeAttribute("data-panel"),s().trigger("ct:modal:closed",e.container),a().enable(e.computeScrollContainer?e.computeScrollContainer():e.container.querySelector(".ct-panel-content")),S().focusLockOff(e.container.querySelector(".ct-panel-content").parentNode)}),300)}),{once:!0})),window.removeEventListener("click",e.handleWindowClick,{capture:!0}),e.container.removeEventListener("click",e.handleContainerClick),e.onClose()},P=function(e,t){e&&e.preventDefault&&e.preventDefault(),t=k({onClose:function(){},container:null,focus:!1,clickOutside:!0,isModal:!1,computeScrollContainer:null,closeWhenLinkInside:!1,handleContainerClick:function(e){let n=e.target.closest(".ct-panel-content"),o=[...t.container.querySelectorAll(".ct-panel-content")].indexOf(e.target)>-1;t.isModal&&!o&&n||!t.isModal&&(o||n)||e.target.closest('[class*="select2-container"]')||window.getSelection().toString().length>0||document.body.hasAttribute("data-panel")&&A(t)},handleWindowClick:function(e){t.container.contains(e.target)||e.target===document.body||event.target.closest('[class*="select2-container"]')||document.body.hasAttribute("data-panel")&&A(t)}},t),function(e){e=k({onClose:function(){},container:null,focus:!0},e),[...document.querySelectorAll(`[data-toggle-panel*="${e.container.id}"]`),...document.querySelectorAll(`[href*="${e.container.id}"]`)].map((function(e){e.setAttribute("aria-expanded","true")})),e.focus&&!(0,m.b)()&&setTimeout((function(){e.container.querySelector("input")&&e.container.querySelector("input").focus()}),200),e.container.querySelector(".ct-panel-content")&&e.container.querySelector(".ct-panel-content").addEventListener("click",(function(t){Array.from(e.container.querySelectorAll("select")).map((function(e){return e.selectr&&e.selectr.events.dismiss(t)}))})),e.clickOutside&&e.container.querySelector(".ct-panel-content")&&e.container.addEventListener("click",e.handleContainerClick);const t=function(n){const{keyCode:o,target:r}=n;27===o&&(n.preventDefault(),document.body.hasAttribute("data-panel")&&A(e),document.removeEventListener("keyup",t))};document.addEventListener("keyup",t);let n=e.container&&e.container.querySelector(".ct-toggle-close");n&&(n.addEventListener("click",(function(t){t.preventDefault(),A(e)}),{once:!0}),n.hasEnterListener||(n.hasEnterListener=!0,n.addEventListener("keyup",(function(t){13==t.keyCode&&(t.preventDefault(),A(e))})))),(e.computeScrollContainer||e.container.querySelector(".ct-panel-content"))&&(a().disable(e.computeScrollContainer?e.computeScrollContainer():e.container.querySelector(".ct-panel-content")),setTimeout((function(){S().focusLockOn(e.container.querySelector(".ct-panel-content").parentNode,{focusOnMount:!e.focus})}))),window.addEventListener("click",e.handleWindowClick,{capture:!0}),s().trigger("ct:modal:opened",e.container),[...e.container.querySelectorAll(".ct-toggle-dropdown-mobile")].map((function(e){!function(e){if(e.hasListener)return;e.hasListener=!0;let t=e.previousElementSibling.getAttribute("href");t&&"#"!==t||e.previousElementSibling.addEventListener("click",(function(t){t.preventDefault(),t.stopPropagation(),u(e.closest(".menu-item-has-children, .page_item_has_children"))})),e.addEventListener("click",(function(t){t.preventDefault(),t.stopPropagation(),u(e.closest(".menu-item-has-children, .page_item_has_children"))}))}(e)}))}(t),t.closeWhenLinkInside&&(t.container.hasListener||(t.container.hasListener=!0,t.container.addEventListener("click",(function(e){if(!e.target)return;let n=e.target;e.target.closest("a")&&(n=e.target.closest("a")),n.closest(".ct-panel").classList.contains("active")&&n.matches("a")&&(n.classList.contains("ct-overlay-skip")||(n.closest('nav[data-id*="menu"]')||n.closest('[data-id*="text"]')||n.closest('[data-id*="button"]')||n.matches(".ct-offcanvas-trigger")||n.matches(".ct-header-account")||n.closest(".widget_nav_menu"))&&(A(t,{closeInstant:"#"!==n.getAttribute("href")[0],shouldFocusOriginalTrigger:!1}),setTimeout((function(){(n.matches(".ct-offcanvas-trigger")||n.matches(".ct-header-account"))&&n.click()}),500)))}))))};s().on("ct:offcanvas:force-close",(function(e){return A(e)}));const q=function(e,t){let{event:n,focus:o=!1}=t;P(n,{isModal:!0,container:document.querySelector(e.dataset.togglePanel||e.hash),clickOutside:!0,focus:o})}},891:function(e,t){var n,o;n=function(e){"use strict";function t(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}Object.defineProperty(e,"__esModule",{value:!0});var n=!1;if("undefined"!=typeof window){var o={get passive(){n=!0}};window.addEventListener("testPassive",null,o),window.removeEventListener("testPassive",null,o)}function r(e){return l.some((function(t){return!(!t.options.allowTouchMove||!t.options.allowTouchMove(e))}))}function c(e){var t=e||window.event;return!!r(t.target)||1<t.touches.length||(t.preventDefault&&t.preventDefault(),!1)}function i(){setTimeout((function(){void 0!==f&&(document.body.style.paddingRight=f,f=void 0),void 0!==d&&(document.body.style.overflow=d,d=void 0)}))}var a="undefined"!=typeof window&&window.navigator&&window.navigator.platform&&(/iP(ad|hone|od)/.test(window.navigator.platform)||"MacIntel"===window.navigator.platform&&1<window.navigator.maxTouchPoints),l=[],s=!1,u=-1,d=void 0,f=void 0;e.disableBodyScroll=function(e,o){if(a){if(!e)return void console.error("disableBodyScroll unsuccessful - targetElement must be provided when calling disableBodyScroll on IOS devices.");if(e&&!l.some((function(t){return t.targetElement===e}))){var i={targetElement:e,options:o||{}};l=[].concat(t(l),[i]),e.ontouchstart=function(e){1===e.targetTouches.length&&(u=e.targetTouches[0].clientY)},e.ontouchmove=function(t){var n,o,i,a;1===t.targetTouches.length&&(o=e,a=(n=t).targetTouches[0].clientY-u,r(n.target)||(o&&0===o.scrollTop&&0<a||(i=o)&&i.scrollHeight-i.scrollTop<=i.clientHeight&&a<0?c(n):n.stopPropagation()))},s||(document.addEventListener("touchmove",c,n?{passive:!1}:void 0),s=!0)}}else{v=o,setTimeout((function(){if(void 0===f){var e=!!v&&!0===v.reserveScrollBarGap,t=window.innerWidth-document.documentElement.clientWidth;e&&0<t&&(f=document.body.style.paddingRight,document.body.style.paddingRight=t+"px")}void 0===d&&(d=document.body.style.overflow,document.body.style.overflow="hidden")}));var m={targetElement:e,options:o||{}};l=[].concat(t(l),[m])}var v},e.clearAllBodyScrollLocks=function(){a?(l.forEach((function(e){e.targetElement.ontouchstart=null,e.targetElement.ontouchmove=null})),s&&(document.removeEventListener("touchmove",c,n?{passive:!1}:void 0),s=!1),l=[],u=-1):(i(),l=[])},e.enableBodyScroll=function(e){if(a){if(!e)return void console.error("enableBodyScroll unsuccessful - targetElement must be provided when calling enableBodyScroll on IOS devices.");e.ontouchstart=null,e.ontouchmove=null,l=l.filter((function(t){return t.targetElement!==e})),s&&0===l.length&&(document.removeEventListener("touchmove",c,n?{passive:!1}:void 0),s=!1)}else(l=l.filter((function(t){return t.targetElement!==e}))).length||i()}},void 0===(o=n.apply(t,[t]))||(e.exports=o)}}]);
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/customizer/controls.js

Line 61 in 52d0e62

document.querySelector('.ct-onboarding-button')
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/customizer/options/widget-area/LegacyWidgetArea.js

Line 125 in 52d0e62

widgetContainer
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/customizer/sync/woocommerce/archive-product.js

Line 53 in 52d0e62

el.classList.remove('ct-disable-transitions')
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/dynamic-chunks.js

Line 310 in 52d0e62

document.addEventListener('scroll', cb, { passive: true })
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/editor/sync.js

Line 95 in 52d0e62

document.body.classList.add('ct-theme-editor-styles')
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/header/menu.js

Line 315 in 52d0e62

closeSubmenu(e)
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/layouts/infinite-scroll.js

Line 57 in 52d0e62

'wc_price_based_country_ajax_geolocation'
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/lazy/overlay.js

Line 203 in 52d0e62

.parentNode
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/woocommerce/main.js

Line 120 in 52d0e62

ctEvents.trigger('ct:header:update')
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/woocommerce/mini-cart.js

Line 49 in 52d0e62

📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/woocommerce/single-product-gallery.js

Line 99 in 52d0e62

].map((el) => el.remove())
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/helpers.js

Line 103 in 52d0e62

document.addEventListener('scroll', cb)
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/main.js

Line 236 in 52d0e62

setTimeout(() => document.body.classList.remove('ct-loading'), 1500)
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/options/options/ct-select.js

Line 255 in 52d0e62

itemTop - popoverTop
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/options.js

Line 20 in 52d0e62

initAllWooVariations()
📚

More info on how to fix Insecure Use of Dangerous Function in PHP and JavaScript.

Vulnerable Libraries (19)
Severity Details
Critical pkg:npm/[email protected] upgrade to: > 1.2.0
Critical pkg:npm/[email protected] upgrade to: > 2.0.0
High pkg:gem/[email protected] upgrade to: > 3.8.7
High pkg:pypi/[email protected] upgrade to: 2022.12.07
Medium pkg:pypi/[email protected] upgrade to: 2.31.0
Medium pkg:pypi/[email protected] upgrade to: 2.0.7,1.26.18
High pkg:pypi/[email protected] upgrade to: 2022.12.07
Medium pkg:pypi/[email protected] upgrade to: 2.31.0
Medium pkg:pypi/[email protected] upgrade to: 2.0.7,1.26.18
Medium pkg:composer/enshrined/[email protected] upgrade to: 0.16.0
High [email protected] upgrade to: >2.9.4
High [email protected] upgrade to: >2.29.4
High [email protected] upgrade to: >2.29.4
Medium [email protected] upgrade to: >4.0.6
Medium [email protected] upgrade to: >4.0.6
Medium [email protected] upgrade to: >4.0.6
Medium [email protected] upgrade to: >4.0.6
Medium [email protected] upgrade to: >4.0.6
Medium [email protected] upgrade to: >4.0.6

More info on how to fix Vulnerable Libraries in JavaScript, Ruby, Python and PHP.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kyletaylored