Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Newwork #374

Closed
wants to merge 141 commits into from
Closed

Newwork #374

wants to merge 141 commits into from

Conversation

jamesrutherford
Copy link

Please review my code for X,Y,Z

@kyletaylored
Create upstream_sync.yml
10e2ab9
@kyletaylored
Remove config option
a8fc749
@kyletaylored
Update cron to 15 minutes
9691ec4
@kyletaylored
Test rebase
f208f13
@kyletaylored
Use git protocol
d08edf1
@kyletaylored
Remove --all
62ad199
@kyletaylored
Use HTTPS git
bd1a2fd
@kyletaylored
Track master
4b1a675
@kyletaylored
Update upstream_sync.yml
2164f93
@kyletaylored
Schedule cron on Sundays
b0b6c52
@kyletaylored
Add Pantheon plugins
02c9418 
- BlogVault
- Advanced Page Cache
- HUD
- Solr
- PHP Native Sessions
- Redis
@kyletaylored
Adding sitebuilding plugins
0a9fc9d 
- ACF
- CF7
- Custom Post UI
- Elementor
@kyletaylored
Adding dev plugins
702221e
@kyletaylored
Adding Google Site Kit (and dev)
e8ff5fe
@kyletaylored
Adding Lando config
9dea34f
@kyletaylored
Remove unused themes
de50b15
@kyletaylored
Remove Fastly and Lockr
f1a04de
@kyletaylored
Added Sitekit local config
c7fddd0
@kyletaylored
Add Page Cache TTL to WP CFM
a6f1c6e
@kyletaylored
Add test / live TTL
b1ea879
@kyletaylored
Update upstream_sync.yml
4d9a14e 
Add global email/name
@kyletaylored
Update readme.html
d662b46
@kyletaylored
Break down workflow steps
5aa74b7
@kyletaylored
Create upstream_sync.yml
21e9b77
@kyletaylored
Remove config option
f428da6
@kyletaylored
Update cron to 15 minutes
bd1a295
@kyletaylored
Test rebase
72660d9
@kyletaylored
Use git protocol
b444ea1
@kyletaylored
Remove --all
84a2332
@kyletaylored
Use HTTPS git
7ee9904
Kyle Taylor and others added 27 commits September 27, 2023 02:27
Empty commit
439e78f
Handle existing multidev
cb9baef
Update checkout action
b3a1b36
Add deployment workflow
7ae2b14
Merge branch 'master' into DEV-35
c4bdb86
@kyletaylored
Merge pull request #2 from the-scranton-branch/DEV-35
0f0c5d0 
DEV-35 - Update lando config
Run deploy when pushing to master (for now)
7cda9f3
Merge branch 'master' of github.com:the-scranton-branch/Scranton-Word…
1175b11 
…Press
Try heredoc
90c713c
Concat names by comma
0e62b15
Fix trailing, add brackets
6ba2589
Try JSON
3e05f0f
Try JSON
545f7a5 
Was: Merged master into master
Don't fail everyone
52e9391
Don't fail everyone
c332fcb 
Was: Merged master into master
Remove quiet to see output
47cc857
Remove quiet to see output
3d77680 
Was: Merged master into master
@kyletaylored
Disable index on lando config
72dcc94
Add fetch for repo
6904372
Add fetch for repo
1573448 
Was: Merged master into master
Assume upstream, add badge
131e125
Merge branch 'master' into DEV-36
563f1d7
Ensure setting to git mode
0f55bee
@kyletaylored
Merge pull request #3 from the-scranton-branch/DEV-36
ec7f3cf 
Disable index on lando config
Merge pull request #3 from the-scranton-branch/DEV-36
1a37523 
Disable index on lando config

Was: Merged master into master
Update PHP Native Sessions
2207e56
@jamesrutherford
Fixed it!
fe52f6e
@guardrails GuardRails
Copy link

guardrails bot commented Dec 21, 2023

⚠️ We detected 79 security issues in this pull request:

Hard-Coded Secrets (9)
Severity Details Docs
Medium Title: Hex High Entropy String

WordPress/wp-content/plugins/distributor/composer.json

Line 22 in fe52f6e

"reference":"0eef095b4dc984c26ee8149c01a323be83da715a"
📚
Medium Title: Secret Keyword

WordPress/wp-content/plugins/distributor/includes/classes/Authentications/WordPressDotcomOauth2Authentication.php

Line 42 in fe52f6e

const API_CLIENT_SECRET = 'rest_api_client_secret';
📚
Medium Title: Secret Keyword

WordPress/wp-content/plugins/wpforms-lite/includes/providers/class-constant-contact.php

Line 26 in fe52f6e

public $api_key = 'c58xq3r27udz59h9rrq7qnvf';
📚
Medium Title: Secret Keyword

WordPress/wp-content/plugins/wpforms-lite/src/Integrations/LiteConnect/LiteConnect.php

Line 30 in fe52f6e

const AUTH_KEY_ARG = 'wpforms-liteconnect-auth-key';
📚
Medium Title: Google OAuth Key

WordPress/private/config/dev/sitekit_local.json

Line 2 in fe52f6e

"googlesitekitdev_settings": "a:3:{s:8:\"site_url\";s:36:\"https:\/\/scranton-wordpress.lndo.site\";s:16:\"oauth2_client_id\";s:72:\"600983500769-sl4d8g9q492vkn0cvb5r7r7fjuoticte.apps.googleusercontent.com\";s:20:\"oauth2_client_secret\";s:24:\"BtZ-pPGnamGadkDylivAVJh-\";}",
📚
Medium Title: Google Cloud API Key

WordPress/wp-content/plugins/map-block-gutenberg/assets/js/_source/blocks/inspector.js

Line 93 in fe52f6e

api_key = 'AIzaSyAjyDspiPfzEfjRSS5fQzm-3jHFjHxeXB4';
📚
Medium Title: Google Cloud API Key

WordPress/wp-content/plugins/map-block-gutenberg/assets/js/editor.blocks.js

Line 428 in fe52f6e

eval("/* harmony import */ var __WEBPACK_IMPORTED_MODULE_0_babel_runtime_core_js_object_get_prototype_of__ = __webpack_require__(36);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_0_babel_runtime_core_js_object_get_prototype_of___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_0_babel_runtime_core_js_object_get_prototype_of__);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_1_babel_runtime_helpers_classCallCheck__ = __webpack_require__(38);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_1_babel_runtime_helpers_classCallCheck___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_1_babel_runtime_helpers_classCallCheck__);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_2_babel_runtime_helpers_createClass__ = __webpack_require__(39);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_2_babel_runtime_helpers_createClass___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_2_babel_runtime_helpers_createClass__);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_3_babel_runtime_helpers_possibleConstructorReturn__ = __webpack_require__(40);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_3_babel_runtime_helpers_possibleConstructorReturn___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_3_babel_runtime_helpers_possibleConstructorReturn__);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_4_babel_runtime_helpers_inherits__ = __webpack_require__(46);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_4_babel_runtime_helpers_inherits___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_4_babel_runtime_helpers_inherits__);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_5_lodash_throttle__ = __webpack_require__(93);\n/* harmony import */ var __WEBPACK_IMPORTED_MODULE_5_lodash_throttle___default = __webpack_require__.n(__WEBPACK_IMPORTED_MODULE_5_lodash_throttle__);\n\n\n\n\n\n/**\n * Internal block libraries\n */\n\n\n\nvar Component = wp.element.Component;\nvar _wp$editor = wp.editor,\n InspectorControls = _wp$editor.InspectorControls,\n ColorPalette = _wp$editor.ColorPalette;\nvar _wp$components = wp.components,\n Button = _wp$components.Button,\n ButtonGroup = _wp$components.ButtonGroup,\n CheckboxControl = _wp$components.CheckboxControl,\n PanelBody = _wp$components.PanelBody,\n PanelRow = _wp$components.PanelRow,\n PanelColor = _wp$components.PanelColor,\n RadioControl = _wp$components.RadioControl,\n RangeControl = _wp$components.RangeControl,\n TextControl = _wp$components.TextControl,\n TextareaControl = _wp$components.TextareaControl,\n ToggleControl = _wp$components.ToggleControl,\n Toolbar = _wp$components.Toolbar,\n SelectControl = _wp$components.SelectControl;\n\n/**\n * Create an Inspector Controls wrapper Component\n */\n\nvar Inspector = function (_Component) {\n __WEBPACK_IMPORTED_MODULE_4_babel_runtime_helpers_inherits___default()(Inspector, _Component);\n\n function Inspector() {\n __WEBPACK_IMPORTED_MODULE_1_babel_runtime_helpers_classCallCheck___default()(this, Inspector);\n\n var _this = __WEBPACK_IMPORTED_MODULE_3_babel_runtime_helpers_possibleConstructorReturn___default()(this, (Inspector.__proto__ || __WEBPACK_IMPORTED_MODULE_0_babel_runtime_core_js_object_get_prototype_of___default()(Inspector)).apply(this, arguments));\n\n _this.updateApiKey = _this.updateApiKey.bind(_this);\n _this.updateApiKeyThrottled = __WEBPACK_IMPORTED_MODULE_5_lodash_throttle___default()(_this.updateApiKey, 3000);\n return _this;\n }\n\n __WEBPACK_IMPORTED_MODULE_2_babel_runtime_helpers_createClass___default()(Inspector, [{\n key: 'updateApiKey',\n value: function updateApiKey(key) {\n wf_map_block.api_key = key;\n\n fetch(ajaxurl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: \"action=gmw_map_block_save_key&_ajax_nonce=\" + wf_map_block.nonce_save_api_key + \"&api_key=\" + key\n });\n }\n }, {\n key: 'render',\n value: function render() {\n var _this2 = this;\n\n var _props = this.props,\n _props$attributes = _props.attributes,\n zoom = _props$attributes.zoom,\n height = _props$attributes.height,\n address = _props$attributes.address,\n api_key = _props$attributes.api_key,\n setAttributes = _props.setAttributes;\n\n\n return wp.element.createElement(\n InspectorControls,\n null,\n wp.element.createElement(\n PanelBody,\n null,\n wp.element.createElement(TextControl, {\n label: wf_map_block._address,\n value: address,\n onChange: function onChange(address) {\n return setAttributes({ address: address });\n }\n })\n ),\n wp.element.createElement(\n PanelBody,\n null,\n wp.element.createElement(RangeControl, {\n beforeIcon: 'arrow-left-alt2',\n afterIcon: 'arrow-right-alt2',\n label: wf_map_block._zoom,\n value: zoom,\n onChange: function onChange(zoom) {\n return setAttributes({ zoom: zoom });\n },\n min: 1,\n max: 21\n })\n ),\n wp.element.createElement(\n PanelBody,\n null,\n wp.element.createElement(RangeControl, {\n beforeIcon: 'arrow-left-alt2',\n afterIcon: 'arrow-right-alt2',\n label: wf_map_block._height,\n value: height,\n onChange: function onChange(height) {\n return setAttributes({ height: height });\n },\n min: 50,\n max: 1000\n })\n ),\n wp.element.createElement(\n PanelBody,\n null,\n wp.element.createElement(TextControl, {\n label: wf_map_block._api_key,\n help: wp.element.createElement(\n 'p',\n null,\n wf_map_block._api_info_start,\n ' ',\n wp.element.createElement(\n 'a',\n { href: 'https://console.developers.google.com', target: '_blank' },\n wf_map_block._api_info_console\n ),\n '. ',\n wf_map_block._api_info_end\n ),\n value: api_key,\n onChange: function onChange(api_key) {\n if (!api_key) {\n api_key = 'AIzaSyAjyDspiPfzEfjRSS5fQzm-3jHFjHxeXB4';\n }\n setAttributes({ api_key: api_key });\n _this2.updateApiKeyThrottled(api_key);\n }\n })\n )\n );\n }\n }]);\n\n return Inspector;\n}(Component);\n\n/* harmony default export */ __webpack_exports__[\"a\"] = (Inspector);//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiNTguanMiLCJzb3VyY2VzIjpbIndlYnBhY2s6Ly8vLi9ibG9ja3MvaW5zcGVjdG9yLmpzPzVmYTIiXSwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IF9PYmplY3QkZ2V0UHJvdG90eXBlT2YgZnJvbSAnYmFiZWwtcnVudGltZS9jb3JlLWpzL29iamVjdC9nZXQtcHJvdG90eXBlLW9mJztcbmltcG9ydCBfY2xhc3NDYWxsQ2hlY2sgZnJvbSAnYmFiZWwtcnVudGltZS9oZWxwZXJzL2NsYXNzQ2FsbENoZWNrJztcbmltcG9ydCBfY3JlYXRlQ2xhc3MgZnJvbSAnYmFiZWwtcnVudGltZS9oZWxwZXJzL2NyZWF0ZUNsYXNzJztcbmltcG9ydCBfcG9zc2libGVDb25zdHJ1Y3RvclJldHVybiBmcm9tICdiYWJlbC1ydW50aW1lL2hlbHBlcnMvcG9zc2libGVDb25zdHJ1Y3RvclJldHVybic7XG5pbXBvcnQgX2luaGVyaXRzIGZyb20gJ2JhYmVsLXJ1bnRpbWUvaGVscGVycy9pbmhlcml0cyc7XG4vKipcbiAqIEludGVybmFsIGJsb2NrIGxpYnJhcmllc1xuICovXG5cbmltcG9ydCB0aHJvdHRsZSBmcm9tICdsb2Rhc2gudGhyb3R0bGUnO1xuXG52YXIgQ29tcG9uZW50ID0gd3AuZWxlbWVudC5Db21wb25lbnQ7XG52YXIgX3dwJGVkaXRvciA9IHdwLmVkaXRvcixcbiAgICBJbnNwZWN0b3JDb250cm9scyA9IF93cCRlZGl0b3IuSW5zcGVjdG9yQ29udHJvbHMsXG4gICAgQ29sb3JQYWxldHRlID0gX3dwJGVkaXRvci5Db2xvclBhbGV0dGU7XG52YXIgX3dwJGNvbXBvbmVudHMgPSB3cC5jb21wb25lbnRzLFxuICAgIEJ1dHRvbiA9IF93cCRjb21wb25lbnRzLkJ1dHRvbixcbiAgICBCdXR0b25Hcm91cCA9IF93cCRjb21wb25lbnRzLkJ1dHRvbkdyb3VwLFxuICAgIENoZWNrYm94Q29udHJvbCA9IF93cCRjb21wb25lbnRzLkNoZWNrYm94Q29udHJvbCxcbiAgICBQYW5lbEJvZHkgPSBfd3AkY29tcG9uZW50cy5QYW5lbEJvZHksXG4gICAgUGFuZWxSb3cgPSBfd3AkY29tcG9uZW50cy5QYW5lbFJvdyxcbiAgICBQYW5lbENvbG9yID0gX3dwJGNvbXBvbmVudHMuUGFuZWxDb2xvcixcbiAgICBSYWRpb0NvbnRyb2wgPSBfd3AkY29tcG9uZW50cy5SYWRpb0NvbnRyb2wsXG4gICAgUmFuZ2VDb250cm9sID0gX3dwJGNvbXBvbmVudHMuUmFuZ2VDb250cm9sLFxuICAgIFRleHRDb250cm9sID0gX3dwJGNvbXBvbmVudHMuVGV4dENvbnRyb2wsXG4gICAgVGV4dGFyZWFDb250cm9sID0gX3dwJGNvbXBvbmVudHMuVGV4dGFyZWFDb250cm9sLFxuICAgIFRvZ2dsZUNvbnRyb2wgPSBfd3AkY29tcG9uZW50cy5Ub2dnbGVDb250cm9sLFxuICAgIFRvb2xiYXIgPSBfd3AkY29tcG9uZW50cy5Ub29sYmFyLFxuICAgIFNlbGVjdENvbnRyb2wgPSBfd3AkY29tcG9uZW50cy5TZWxlY3RDb250cm9sO1xuXG4vKipcbiAqIENyZWF0ZSBhbiBJbnNwZWN0b3IgQ29udHJvbHMgd3JhcHBlciBDb21wb25lbnRcbiAqL1xuXG52YXIgSW5zcGVjdG9yID0gZnVuY3Rpb24gKF9Db21wb25lbnQpIHtcbiAgICBfaW5oZXJpdHMoSW5zcGVjdG9yLCBfQ29tcG9uZW50KTtcblxuICAgIGZ1bmN0aW9uIEluc3BlY3RvcigpIHtcbiAgICAgICAgX2NsYXNzQ2FsbENoZWNrKHRoaXMsIEluc3BlY3Rvcik7XG5cbiAgICAgICAgdmFyIF90aGlzID0gX3Bvc3NpYmxlQ29uc3RydWN0b3JSZXR1cm4odGhpcywgKEluc3BlY3Rvci5fX3Byb3RvX18gfHwgX09iamVjdCRnZXRQcm90b3R5cGVPZihJbnNwZWN0b3IpKS5hcHBseSh0aGlzLCBhcmd1bWVudHMpKTtcblxuICAgICAgICBfdGhpcy51cGRhdGVBcGlLZXkgPSBfdGhpcy51cGRhdGVBcGlLZXkuYmluZChfdGhpcyk7XG4gICAgICAgIF90aGlzLnVwZGF0ZUFwaUtleVRocm90dGxlZCA9IHRocm90dGxlKF90aGlzLnVwZGF0ZUFwaUtleSwgMzAwMCk7XG4gICAgICAgIHJldHVybiBfdGhpcztcbiAgICB9XG5cbiAgICBfY3JlYXRlQ2xhc3MoSW5zcGVjdG9yLCBbe1xuICAgICAgICBrZXk6ICd1cGRhdGVBcGlLZXknLFxuICAgICAgICB2YWx1ZTogZnVuY3Rpb24gdXBkYXRlQXBpS2V5KGtleSkge1xuICAgICAgICAgICAgd2ZfbWFwX2Jsb2NrLmFwaV9rZXkgPSBrZXk7XG5cbiAgICAgICAgICAgIGZldGNoKGFqYXh1cmwsIHtcbiAgICAgICAgICAgICAgICBtZXRob2Q6ICdQT1NUJyxcbiAgICAgICAgICAgICAgICBoZWFkZXJzOiB7ICdDb250ZW50LVR5cGUnOiAnYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkJyB9LFxuICAgICAgICAgICAgICAgIGJvZHk6IFwiYWN0aW9uPWdtd19tYXBfYmxvY2tfc2F2ZV9rZXkmYXBpX2tleT1cIiArIGtleVxuICAgICAgICAgICAgfSk7XG4gICAgICAgIH1cbiAgICB9LCB7XG4gICAgICAgIGtleTogJ3JlbmRlcicsXG4gICAgICAgIHZhbHVlOiBmdW5jdGlvbiByZW5kZXIoKSB7XG4gICAgICAgICAgICB2YXIgX3RoaXMyID0gdGhpcztcblxuICAgICAgICAgICAgdmFyIF9wcm9wcyA9IHRoaXMucHJvcHMsXG4gICAgICAgICAgICAgICAgX3Byb3BzJGF0dHJpYnV0ZXMgPSBfcHJvcHMuYXR0cmlidXRlcyxcbiAgICAgICAgICAgICAgICB6b29tID0gX3Byb3BzJGF0dHJpYnV0ZXMuem9vbSxcbiAgICAgICAgICAgICAgICBoZWlnaHQgPSBfcHJvcHMkYXR0cmlidXRlcy5oZWlnaHQsXG4gICAgICAgICAgICAgICAgYWRkcmVzcyA9IF9wcm9wcyRhdHRyaWJ1dGVzLmFkZHJlc3MsXG4gICAgICAgICAgICAgICAgYXBpX2tleSA9IF9wcm9wcyRhdHRyaWJ1dGVzLmFwaV9rZXksXG4gICAgICAgICAgICAgICAgc2V0QXR0cmlidXRlcyA9IF9wcm9wcy5zZXRBdHRyaWJ1dGVzO1xuXG5cbiAgICAgICAgICAgIHJldHVybiB3cC5lbGVtZW50LmNyZWF0ZUVsZW1lbnQoXG4gICAgICAgICAgICAgICAgSW5zcGVjdG9yQ29udHJvbHMsXG4gICAgICAgICAgICAgICAgbnVsbCxcbiAgICAgICAgICAgICAgICB3cC5lbGVtZW50LmNyZWF0ZUVsZW1lbnQoXG4gICAgICAgICAgICAgICAgICAgIFBhbmVsQm9keSxcbiAgICAgICAgICAgICAgICAgICAgbnVsbCxcbiAgICAgICAgICAgICAgICAgICAgd3AuZWxlbWVudC5jcmVhdGVFbGVtZW50KFRleHRDb250cm9sLCB7XG4gICAgICAgICAgICAgICAgICAgICAgICBsYWJlbDogd2ZfbWFwX2Jsb2NrLl9hZGRyZXNzLFxuICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU6IGFkZHJlc3MsXG4gICAgICAgICAgICAgICAgICAgICAgICBvbkNoYW5nZTogZnVuY3Rpb24gb25DaGFuZ2UoYWRkcmVzcykge1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJldHVybiBzZXRBdHRyaWJ1dGVzKHsgYWRkcmVzczogYWRkcmVzcyB9KTtcbiAgICAgICAgICAgICAgICAgICAgICAgIH1cbiAgICAgICAgICAgICAgICAgICAgfSlcbiAgICAgICAgICAgICAgICApLFxuICAgICAgICAgICAgICAgIHdwLmVsZW1lbnQuY3JlYXRlRWxlbWVudChcbiAgICAgICAgICAgICAgICAgICAgUGFuZWxCb2R5LFxuICAgICAgICAgICAgICAgICAgICBudWxsLFxuICAgICAgICAgICAgICAgICAgICB3cC5lbGVtZW50LmNyZWF0ZUVsZW1lbnQoUmFuZ2VDb250cm9sLCB7XG4gICAgICAgICAgICAgICAgICAgICAgICBiZWZvcmVJY29uOiAnYXJyb3ctbGVmdC1hbHQyJyxcbiAgICAgICAgICAgICAgICAgICAgICAgIGFmdGVySWNvbjogJ2Fycm93LXJpZ2h0LWFsdDInLFxuICAgICAgICAgICAgICAgICAgICAgICAgbGFiZWw6IHdmX21hcF9ibG9jay5fem9vbSxcbiAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlOiB6b29tLFxuICAgICAgICAgICAgICAgICAgICAgICAgb25DaGFuZ2U6IGZ1bmN0aW9uIG9uQ2hhbmdlKHpvb20pIHtcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICByZXR1cm4gc2V0QXR0cmlidXRlcyh7IHpvb206IHpvb20gfSk7XG4gICAgICAgICAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICAgICAgICAgICAgbWluOiAxLFxuICAgICAgICAgICAgICAgICAgICAgICAgbWF4OiAyMVxuICAgICAgICAgICAgICAgICAgICB9KVxuICAgICAgICAgICAgICAgICksXG4gICAgICAgICAgICAgICAgd3AuZWxlbWVudC5jcmVhdGVFbGVtZW50KFxuICAgICAgICAgICAgICAgICAgICBQYW5lbEJvZHksXG4gICAgICAgICAgICAgICAgICAgIG51bGwsXG4gICAgICAgICAgICAgICAgICAgIHdwLmVsZW1lbnQuY3JlYXRlRWxlbWVudChSYW5nZUNvbnRyb2wsIHtcbiAgICAgICAgICAgICAgICAgICAgICAgIGJlZm9yZUljb246ICdhcnJvdy1sZWZ0LWFsdDInLFxuICAgICAgICAgICAgICAgICAgICAgICAgYWZ0ZXJJY29uOiAnYXJyb3ctcmlnaHQtYWx0MicsXG4gICAgICAgICAgICAgICAgICAgICAgICBsYWJlbDogd2ZfbWFwX2Jsb2NrLl9oZWlnaHQsXG4gICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZTogaGVpZ2h0LFxuICAgICAgICAgICAgICAgICAgICAgICAgb25DaGFuZ2U6IGZ1bmN0aW9uIG9uQ2hhbmdlKGhlaWdodCkge1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJldHVybiBzZXRBdHRyaWJ1dGVzKHsgaGVpZ2h0OiBoZWlnaHQgfSk7XG4gICAgICAgICAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICAgICAgICAgICAgbWluOiA1MCxcbiAgICAgICAgICAgICAgICAgICAgICAgIG1heDogMTAwMFxuICAgICAgICAgICAgICAgICAgICB9KVxuICAgICAgICAgICAgICAgICksXG4gICAgICAgICAgICAgICAgd3AuZWxlbWVudC5jcmVhdGVFbGVtZW50KFxuICAgICAgICAgICAgICAgICAgICBQYW5lbEJvZHksXG4gICAgICAgICAgICAgICAgICAgIG51bGwsXG4gICAgICAgICAgICAgICAgICAgIHdwLmVsZW1lbnQuY3JlYXRlRWxlbWVudChUZXh0Q29udHJvbCwge1xuICAgICAgICAgICAgICAgICAgICAgICAgbGFiZWw6IHdmX21hcF9ibG9jay5fYXBpX2tleSxcbiAgICAgICAgICAgICAgICAgICAgICAgIGhlbHA6IHdwLmVsZW1lbnQuY3JlYXRlRWxlbWVudChcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAncCcsXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgbnVsbCxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICB3Zl9tYXBfYmxvY2suX2FwaV9pbmZvX3N0YXJ0LFxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICcgJyxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICB3cC5lbGVtZW50LmNyZWF0ZUVsZW1lbnQoXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdhJyxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeyBocmVmOiAnaHR0cHM6Ly9jb25zb2xlLmRldmVsb3BlcnMuZ29vZ2xlLmNvbScsIHRhcmdldDogJ19ibGFuaycgfSxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2ZfbWFwX2Jsb2NrLl9hcGlfaW5mb19jb25zb2xlXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgKSxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAnLiAnLFxuICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdmX21hcF9ibG9jay5fYXBpX2luZm9fZW5kXG4gICAgICAgICAgICAgICAgICAgICAgICApLFxuICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU6IGFwaV9rZXksXG4gICAgICAgICAgICAgICAgICAgICAgICBvbkNoYW5nZTogZnVuY3Rpb24gb25DaGFuZ2UoYXBpX2tleSkge1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmICghYXBpX2tleSkge1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhcGlfa2V5ID0gJ0FJemFTeUFqeURzcGlQZnpFZmpSU1M1ZlF6bS0zakhGakh4ZVhCNCc7XG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgfVxuICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNldEF0dHJpYnV0ZXMoeyBhcGlfa2V5OiBhcGlfa2V5IH0pO1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgIF90aGlzMi51cGRhdGVBcGlLZXlUaHJvdHRsZWQoYXBpX2tleSk7XG4gICAgICAgICAgICAgICAgICAgICAgICB9XG4gICAgICAgICAgICAgICAgICAgIH0pXG4gICAgICAgICAgICAgICAgKVxuICAgICAgICAgICAgKTtcbiAgICAgICAgfVxuICAgIH1dKTtcblxuICAgIHJldHVybiBJbnNwZWN0b3I7XG59KENvbXBvbmVudCk7XG5cbmV4cG9ydCBkZWZhdWx0IEluc3BlY3RvcjtcblxuXG4vLy8vLy8vLy8vLy8vLy8vLy9cbi8vIFdFQlBBQ0sgRk9PVEVSXG4vLyAuL2Jsb2Nrcy9pbnNwZWN0b3IuanNcbi8vIG1vZHVsZSBpZCA9IDU4XG4vLyBtb2R1bGUgY2h1bmtzID0gMCJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQSIsInNvdXJjZVJvb3QiOiIifQ==\n//# sourceURL=webpack-internal:///58\n");
📚
Medium Title: Google Cloud API Key

WordPress/wp-content/plugins/map-block-gutenberg/map-block-gutenberg.php

Line 123 in fe52f6e

$api_key = get_option('gmw-map-block-key') ? get_option('gmw-map-block-key') : 'AIzaSyAjyDspiPfzEfjRSS5fQzm-3jHFjHxeXB4';
📚
Medium Title: WP-Config

WordPress/wp-content/plugins/wp-native-php-sessions/inc/class-session.php

Line 265 in fe52f6e

$dbpassword = defined( 'DB_PASSWORD' ) ? DB_PASSWORD : '';
📚

More info on how to fix Hard-Coded Secrets in General, JavaScript and PHP.

Insecure File Management (1)
Severity Details Docs
Medium Title: File inclusions with user input

WordPress/private/scripts/db-sanitize.php

Line 24 in fe52f6e

require_once $_SERVER['DOCUMENT_ROOT'] . '/wp-load.php';
📚

More info on how to fix Insecure File Management in PHP.

Insecure Network Communication (2)
Severity Details Docs
High Title: SSL verification is disabled (curl)

WordPress/wp-content/plugins/blocksy-companion/framework/helpers/helpers.php

Line 54 in fe52f6e

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
📚
High Title: SSL verification is disabled (curl)

WordPress/wp-content/plugins/ocean-extra/includes/widgets/mailchimp.php

Line 76 in fe52f6e

curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
📚

More info on how to fix Insecure Network Communication in PHP.

Insecure Processing of Data (21)
Severity Details Docs
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js

Line 84 in fe52f6e

'blocksy-companion'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js

Line 131 in fe52f6e

'</a>'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js

Line 147 in fe52f6e

'</a>'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js

Line 166 in fe52f6e

'</a>'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/static/js/helpers/useExtensionReadme.js

Line 25 in fe52f6e

__html: extension.readme
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/static/js/screens/DemoInstall.js

Line 92 in fe52f6e

__html: demo_error,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/plugins/blocksy-companion/static/js/screens/DemoInstall.js

Line 135 in fe52f6e

'blocksy-companion'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/admin/dashboard/static/js/screens/Changelog.js

Line 78 in fe52f6e

'<span class="fix" title="Fix"></span>'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/bundle/274.b2841b7778b85d53b946.js

Line 1 in fe52f6e

"use strict";(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[274],{5274:function(e,t,n){n.r(t),n.d(t,{mount:function(){return i}});var o=n(1381),c=n(5652),l=n(5311),a=n.n(l),s=function(e){let{initialStatus:t,url:n,pluginUrl:l,pluginLink:s}=e;const[i,r]=(0,o.useState)("installed"),[u,m]=(0,o.useState)(!1),y=(0,o.useRef)(null);return(0,o.useEffect)((function(){r(t)}),[]),(0,o.createElement)("div",{className:"ct-blocksy-plugin-inner",ref:y},(0,o.createElement)("button",{onClick:function(){y.current.closest(".notice-blocksy-plugin").parentNode.removeChild(y.current.closest(".notice-blocksy-plugin")),a().ajax(ajaxurl,{type:"POST",data:{action:"blocksy_dismissed_notice_handler"}})},type:"button",className:"notice-dismiss"},(0,o.createElement)("span",{className:"screen-reader-text"},(0,c.__)("Dismiss this notice.","blocksy"))),(0,o.createElement)("span",{className:"ct-notification-icon"},(0,o.createElement)("svg",{width:"50",height:"50",viewBox:"0 0 50 50",xmlns:"http://www.w3.org/2000/svg"},(0,o.createElement)("path",{d:"M25 0c13.807 0 25 11.193 25 25S38.807 50 25 50 0 38.807 0 25 11.193 0 25 0zm4.735 25.637a.237.237 0 00-.312 0L19.28 34.83c-.069.063-.02.171.078.171h9.492c.116 0 .229-.042.312-.117l4.45-4.035a1.122 1.122 0 000-1.697zm0-10a.237.237 0 00-.312 0L18.13 25.873a.382.382 0 00-.129.282v7.613c0 .09.119.134.188.071l14.636-13.333c.517-.468.518-1.589 0-2.057zM27.674 15H18.22c-.122 0-.221.09-.221.2v8.568c0 .09.119.134.188.071l9.564-8.668c.07-.063.02-.171-.078-.171z",fill:"#23282D",fillRule:"evenodd"}))),(0,o.createElement)("div",{className:"ct-notification-content"},(0,o.createElement)("h2",null,(0,c.__)("Thanks for installing Blocksy, you rock!","blocksy")),(0,o.createElement)("p",{dangerouslySetInnerHTML:{__html:(0,c.__)("We strongly recommend you to activate the <b>Blocksy Companion</b> plugin.<br>This way you will have access to custom extensions, demo templates and many other awesome features.","blocksy")}}),(0,o.createElement)("div",{className:"notice-actions"},null,(0,o.createElement)("button",{className:"button button-primary",disabled:u||"active"===i,onClick:function(){m(!0),setTimeout((function(){})),a().ajax(ajaxurl,{type:"POST",data:{action:"blocksy_notice_button_click"}}).then((function(e){let{success:t,data:n}=e;t&&(r(n.status),"active"===n.status&&location.assign(l)),m(!1)}))}},u?(0,c.__)("Installing & activating...","blocksy"):"uninstalled"===i?(0,c.__)("Install Blocksy Companion","blocksy"):"installed"===i?(0,c.__)("Activate Blocksy Companion","blocksy"):(0,c.__)("Blocksy Companion active!","blocksy"),u&&(0,o.createElement)("i",{className:"dashicons dashicons-update"})),(0,o.createElement)("a",{className:"ct-why-button button",href:"https://creativethemes.com/blocksy/companion/"},(0,c.__)("Why you need Blocksy Companion?","blocksy")))))};const i=function(e){e.querySelector(".notice-blocksy-plugin-root")&&(0,o.render)((0,o.createElement)(s,{initialStatus:e.querySelector(".notice-blocksy-plugin-root").dataset.pluginStatus,url:e.querySelector(".notice-blocksy-plugin-root").dataset.url,pluginUrl:e.querySelector(".notice-blocksy-plugin-root").dataset.pluginUrl,pluginLink:e.querySelector(".notice-blocksy-plugin-root").dataset.link}),e.querySelector(".notice-blocksy-plugin-root")),[...document.querySelectorAll("[data-dismiss]")].map((function(e){e.addEventListener("click",(function(t){t.preventDefault(),e.closest(".notice-blocksy-woo-deprecation").remove(),a().ajax(ajaxurl,{type:"POST",data:{action:"blocksy_dismissed_notice_woo_deprecation"}})}))}))}}}]);
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/customizer/panels-builder/columns/AvailableItems.js

Line 54 in fe52f6e

builderValue.id
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/customizer/panels-builder/placements/AvailableItems.js

Line 57 in fe52f6e

builderValue.id
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/editor.js

Line 109 in fe52f6e

__html: ct_editor_localizations.options_panel_svg,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/notification/Notification.js

Line 72 in fe52f6e

'blocksy'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/GenericOptionType.js

Line 431 in fe52f6e

__html: maybeLink,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/GenericOptionType.js

Line 593 in fe52f6e

__html: maybeLink,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/GenericOptionType.js

Line 605 in fe52f6e

__html: maybeDesc,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/options/ct-image-picker.js

Line 67 in fe52f6e

__html: choice.src,
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/options/ct-radio.js

Line 67 in fe52f6e

__html: option.choices[choice],
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/options/ct-ratio.js

Line 221 in fe52f6e

'</a>'
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/options/html.js

Line 15 in fe52f6e

__html: option.html || '',
📚
Medium Title: Unescaped user input in React dangerouslySetInnerHTML

WordPress/wp-content/themes/blocksy/static/js/options/options/typography/TypographyModal.js

Line 428 in fe52f6e

'</a>'
📚

More info on how to fix Insecure Processing of Data in JavaScript.

Insecure Use of Dangerous Function (27)
Severity Details Docs
Critical Title: OS execution function with user input

WordPress/private/scripts/wp-site-import.php

Line 8 in fe52f6e

passthru("wp import $path/sample-data.xml --authors=skip");
📚
Critical Title: OS execution function with user input

WordPress/private/scripts/wp-site-install.php

Line 10 in fe52f6e

passthru("wp core install --title='$title' --admin_user='superuser' --admin_email='$email'");
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/admin-static/bundle/main.js

Line 1 in fe52f6e

!function(){var e,t,n={427:function(e,t,n){n.p=blocksy_ext_newsletter_subscribe_localization.public_url},313:function(e){"use strict";e.exports=window.React},381:function(e){"use strict";e.exports=window.wp.element},652:function(e){"use strict";e.exports=window.wp.i18n}},r={};function o(e){var t=r[e];if(void 0!==t)return t.exports;var i=r[e]={exports:{}};return n[e](i,i.exports,o),i.exports}o.m=n,o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,{a:t}),t},o.d=function(e,t){for(var n in t)o.o(t,n)&&!o.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},o.f={},o.e=function(e){return Promise.all(Object.keys(o.f).reduce((function(t,n){return o.f[n](e,t),t}),[]))},o.u=function(e){return e+"."+{260:"488fa16bb3be9a5f0f77",564:"9a7f61d0beb807554c33"}[e]+".js"},o.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},e={},t="blocksy-companion:",o.l=function(n,r,i,c){if(e[n])e[n].push(r);else{var u,a;if(void 0!==i)for(var l=document.getElementsByTagName("script"),s=0;s<l.length;s++){var f=l[s];if(f.getAttribute("src")==n||f.getAttribute("data-webpack")==t+i){u=f;break}}u||(a=!0,(u=document.createElement("script")).charset="utf-8",u.timeout=120,o.nc&&u.setAttribute("nonce",o.nc),u.setAttribute("data-webpack",t+i),u.src=n),e[n]=[r];var d=function(t,r){u.onerror=u.onload=null,clearTimeout(p);var o=e[n];if(delete e[n],u.parentNode&&u.parentNode.removeChild(u),o&&o.forEach((function(e){return e(r)})),t)return t(r)},p=setTimeout(d.bind(null,void 0,{type:"timeout",target:u}),12e4);u.onerror=d.bind(null,u.onerror),u.onload=d.bind(null,u.onload),a&&document.head.appendChild(u)}},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},function(){var e;o.g.importScripts&&(e=o.g.location+"");var t=o.g.document;if(!e&&t&&(t.currentScript&&(e=t.currentScript.src),!e)){var n=t.getElementsByTagName("script");n.length&&(e=n[n.length-1].src)}if(!e)throw new Error("Automatic publicPath is not supported in this browser");e=e.replace(/#.*$/,"").replace(/\?.*$/,"").replace(/\/[^\/]+$/,"/"),o.p=e}(),function(){var e={179:0};o.f.j=function(t,n){var r=o.o(e,t)?e[t]:void 0;if(0!==r)if(r)n.push(r[2]);else{var i=new Promise((function(n,o){r=e[t]=[n,o]}));n.push(r[2]=i);var c=o.p+o.u(t),u=new Error;o.l(c,(function(n){if(o.o(e,t)&&(0!==(r=e[t])&&(e[t]=void 0),r)){var i=n&&("load"===n.type?"missing":n.type),c=n&&n.target&&n.target.src;u.message="Loading chunk "+t+" failed.\n("+i+": "+c+")",u.name="ChunkLoadError",u.type=i,u.request=c,r[1](u)}}),"chunk-"+t,t)}};var t=function(t,n){var r,i,[c,u,a]=n,l=0;if(c.some((function(t){return 0!==e[t]}))){for(r in u)o.o(u,r)&&(o.m[r]=u[r]);a&&a(o)}for(t&&t(n);l<c.length;l++)i=c[l],o.o(e,i)&&e[i]&&e[i][0](),e[i]=0},n=globalThis.blocksyNewsletterSubscribeExtJsonp=globalThis.blocksyNewsletterSubscribeExtJsonp||[];n.forEach(t.bind(null,0)),n.push=t.bind(null,n.push.bind(n))}(),function(){"use strict";o(427);var e=o(381),t=o(652),n=o(313),r=(0,n.lazy)((function(){return Promise.all([o.e(260),o.e(564)]).then(o.bind(o,564))})),i=function(o){return(0,e.createElement)("div",null,(0,e.createElement)(n.Suspense,{fallback:(0,e.createElement)("div",{className:"ct-select-input"},(0,e.createElement)("input",{disabled:!0,placeholder:(0,t.__)("Loading...","blocksy-companion")}))},(0,e.createElement)(r,o)))},c=window.ctEvents,u=o.n(c);document.addEventListener("DOMContentLoaded",(function(){return u().on("blocksy:options:register",(function(e){e["blocksy-newsletter-subscribe"]=i}))}))}()}();
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/plugins/blocksy-companion/static/bundle/sticky.js

Line 1 in fe52f6e

!function(){"use strict";var t={n:function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(r,{a:r}),r},d:function(e,r){for(var n in r)t.o(r,n)&&!t.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:r[n]})},o:function(t,e){return Object.prototype.hasOwnProperty.call(t,e)}},e=window.ctEvents,r=t.n(e),n=window.ctFrontend,i=function(t,e,r){return Math.max(t,Math.min(e,r))},o=function(t,e,r){return e[0]+(e[1]-e[0])/(t[1]-t[0])*(r-t[0])},a=function(t){var e=getComputedStyle(t),r=getComputedStyle(t.firstElementChild),n=parseFloat(e.borderTopWidth)+parseFloat(e.borderBottomWidth)+parseFloat(r.borderTopWidth)+parseFloat(r.borderBottomWidth),i=parseFloat(e.getPropertyValue("--height"));if(t.querySelector('[data-items] > [data-id="logo"]')){var o=getComputedStyle(t.querySelector('[data-items] > [data-id="logo"]')),a=parseFloat(o.height);if(a+=parseFloat(o.marginTop)+parseFloat(o.marginBottom),t.querySelector(".site-logo-container")){var c=getComputedStyle(t.querySelector(".site-logo-container")),s=parseFloat(c.getPropertyValue("--logo-shrink-height")||0);s>0&&(a=a-s+parseFloat(c.getPropertyValue("--logo-max-height")||50))}a>i&&(i=a)}return i+n},c=function(t){if(t.blcInitialHeight)return t.blcInitialHeight;var e=t.firstElementChild;t.firstElementChild.firstElementChild&&(e=t.firstElementChild.firstElementChild);var r=e.getBoundingClientRect().height;return t.blcInitialHeight=r,r},s=function(t){var e=!(arguments.length>1&&void 0!==arguments[1])||arguments[1];if(t.blcStickyHeight)return t.blcStickyHeight;var r=c(t),n=getComputedStyle(t),i=getComputedStyle(t.firstElementChild);if(t.closest('[data-sticky*="yes"]')){var o=parseFloat(n.borderTopWidth)+parseFloat(n.borderBottomWidth)+parseFloat(i.borderTopWidth)+parseFloat(i.borderBottomWidth);e||(o=0);var s=t.getBoundingClientRect().height-o;if(s!==r||r>a(t))return t.blcStickyHeight=t.getBoundingClientRect().height,s}var l=100;return t.dataset.row.includes("middle")&&(l=n.getPropertyValue("--sticky-shrink")),l&&(r*=parseFloat(l)/100),r},l=function(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:function(){return 0},e=document.querySelector(".ct-floating-bar");e&&e.style.setProperty("--header-sticky-height-animated",t())};function u(t,e){(null==e||e>t.length)&&(e=t.length);for(var r=0,n=new Array(e);r<e;r++)n[r]=t[r];return n}var d=null,y=function(t){var e,r=t.stickyContainer,n=t.startPosition;(e=r.querySelectorAll('[data-row*="middle"]'),function(t){if(Array.isArray(t))return u(t)}(e)||function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}(e)||function(t,e){if(t){if("string"==typeof t)return u(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?u(t,e):void 0}}(e)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()).map((function(t){if(t.querySelector('[data-id="logo"] .site-logo-container')){var e=t.querySelector('[data-id="logo"] .site-logo-container'),r=function(t){var e=t.logo,r=t.row;if(d)return d;var n=parseFloat(getComputedStyle(e).getPropertyValue("--logo-max-height")||50),i=parseFloat(getComputedStyle(e).getPropertyValue("--logo-sticky-shrink").toString().replace(",",".")||1),o=c(r),a=s(r);return d={initialHeight:n,stickyShrink:i,rowInitialHeight:o,rowStickyHeight:a}}({logo:e,row:t}),a=r.initialHeight,l=r.stickyShrink,u=r.rowInitialHeight,y=r.rowStickyHeight,f=a*l;1!==l&&e.style.setProperty("--logo-shrink-height","".concat(o([n,n+Math.abs(u===y?a-f:u-y)],[1,l],i(n,n+Math.abs(u===y?a-f:u-y),scrollY))*a,"px"))}}))},f=null,h=function(t){var e=t.stickyContainer,r=(t.containerInitialHeight,t.startPosition);e.querySelector('[data-row*="middle"]')&&[e.querySelector('[data-row*="middle"]')].map((function(t){var e=function(t){var e=t.row;if(f)return f;var r=c(e),n=s(e);return f={rowInitialHeight:r,rowStickyHeight:n}}({row:t}),n=e.rowInitialHeight,a=e.rowStickyHeight;if(n!==a){var l;l=o([r,r+Math.abs(n-a)],[n,a],i(r,r+Math.abs(n-a),scrollY)),t.style.setProperty("--shrink-height","".concat(l,"px"))}}))};function m(t){return function(t){if(Array.isArray(t))return p(t)}(t)||function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}(t)||function(t,e){if(t){if("string"==typeof t)return p(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?p(t,e):void 0}}(t)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function p(t,e){(null==e||e>t.length)&&(e=t.length);for(var r=0,n=new Array(e);r<e;r++)n[r]=t[r];return n}function g(t){return function(t){if(Array.isArray(t))return k(t)}(t)||function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}(t)||function(t,e){if(t){if("string"==typeof t)return k(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?k(t,e):void 0}}(t)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function k(t,e){(null==e||e>t.length)&&(e=t.length);for(var r=0,n=new Array(e);r<e;r++)n[r]=t[r];return n}var v=function(t){var e=t.stickyContainer,r=g(e.querySelectorAll("[data-row]")).reduce((function(t,e){return t+s(e,!1)}),0);return{stickyContainerHeight:r,stickyContainerHeightAbsolute:r+parseFloat(getComputedStyle(e).top)}},b=null;function w(t){return function(t){if(Array.isArray(t))return S(t)}(t)||function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}(t)||function(t,e){if(t){if("string"==typeof t)return S(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?S(t,e):void 0}}(t)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function S(t,e){(null==e||e>t.length)&&(e=t.length);for(var r=0,n=new Array(e);r<e;r++)n[r]=t[r];return n}function A(t){return function(t){if(Array.isArray(t))return C(t)}(t)||function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}(t)||function(t,e){if(t){if("string"==typeof t)return C(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?C(t,e):void 0}}(t)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function C(t,e){(null==e||e>t.length)&&(e=t.length);for(var r=0,n=new Array(e);r<e;r++)n[r]=t[r];return n}var O=function(t){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"yes";Array.from(t.querySelectorAll("[data-row][data-transparent-row]")).map((function(t){t.dataset.transparentRow=e}))},x=null,I={},j=null,H=null,P=!1,q=function(){f=null,d=null,x=null,j=null,H=null,T=null,P=!1};if(r().on("blocksy:sticky:compute",(function(){setTimeout((function(){q(),Y()}),100)})),window.wp&&wp.customize&&wp.customize.selectiveRefresh){var F=!1;wp.customize.selectiveRefresh.bind("partial-content-rendered",(function(t){F||(F=!0,setTimeout((function(){q(),P=!0,Y(),F=!1}),500))}))}var T=null,Y=function(){if(T!==scrollY){var t=document.querySelector('[data-device="'.concat((0,n.getCurrentScreen)(),'"] [data-sticky]'));if(t){var e=(0,n.getCurrentScreen)({withTablet:!0}),r=I[e],i=!r||P;r||(I[e]=A(t.querySelectorAll("[data-row]")).reduce((function(t,e){return t+a(e)}),0),r=I[e]),i&&(P=!1,t.parentNode.style.height="".concat(r,"px"));var o=x;null===o&&(o=function(t){-1===t.dataset.sticky.indexOf("shrink")&&t.dataset.sticky.indexOf("auto-hide");var e=t.closest("header").getBoundingClientRect().top+scrollY;if(e>0){var r=document.elementFromPoint(0,3);r&&function(t){for(var e=[];t&&t!==document;t=t.parentNode)e.push(t);return e}(r).map((function(t){return getComputedStyle(t).position})).indexOf("fixed")>-1&&(e-=r.getBoundingClientRect().height)}-1===t.dataset.sticky.indexOf("shrink")&&-1===t.dataset.sticky.indexOf("auto-hide")&&(e+=200);var n=t.parentNode,i=getComputedStyle(document.body),o=parseFloat(i.getPropertyValue("--header-sticky-offset")||0);if(o+=parseFloat(i.getPropertyValue("--frame-size"))||0,1===n.parentNode.children.length||n.parentNode.children[0].classList.contains("ct-sticky-container"))return e>0?e-o:e;var a=Array.from(n.parentNode.children).reduce((function(t,e,r){return t.indexOf(0)>-1||!e.dataset.row?[].concat(A(t),[0]):[].concat(A(t),[e.classList.contains("ct-sticky-container")?0:e.getBoundingClientRect().height])}),[]).reduce((function(t,e){return t+e}),e);return a>0?a-o:a}(t),x=o);var c=j;null===c&&(c=t.closest("[data-device]").getBoundingClientRect().height,j=c);var u=H,d=t.dataset.sticky.split(":").filter((function(t){return"yes"!==t&&"no"!==t&&"fixed"!==t}));u||(u=A(t.querySelectorAll("[data-row]")).reduce((function(t,e){return t+s(e)}),0),H=parseInt(u),l((function(){return-1===d.indexOf("auto-hide")?u>A(t.querySelectorAll("[data-row]")).reduce((function(t,e){return t+a(e)}),0)?"".concat(u,"px"):"".concat(A(t.querySelectorAll("[data-row]")).reduce((function(t,e){return t+s(e)}),0),"px"):"0px"})));var f=o>0&&Math.abs(window.scrollY-o)<5||window.scrollY>o;d.indexOf("shrink")>-1&&(f=o>0?window.scrollY>=o:window.scrollY>0),setTimeout((function(){f&&-1===document.body.dataset.header.indexOf("shrink")&&(document.body.dataset.header="".concat(document.body.dataset.header,":shrink")),!f&&document.body.dataset.header.indexOf("shrink")>-1&&(document.body.dataset.header=document.body.dataset.header.replace(":shrink",""))}),300);var p=scrollY;d.indexOf("shrink")>-1&&function(t){var e=t.containerInitialHeight,r=t.stickyContainer,n=t.isSticky,i=t.startPosition,o=t.stickyComponents;if(0===i&&0===window.scrollY&&(r.dataset.sticky=["fixed"].concat(m(o)).join(":")),n){if(o.indexOf("yes")>-1)return;-1===r.dataset.sticky.indexOf("yes")&&(O(r,"no"),r.dataset.sticky=["yes"].concat(m(o)).join(":")),y({stickyContainer:r,startPosition:i}),h({stickyContainer:r,containerInitialHeight:e,startPosition:i})}else Array.from(r.querySelectorAll("[data-row]")).map((function(t){return t.removeAttribute("style")})),Array.from(r.querySelectorAll('[data-row*="middle"] .site-logo-container')).map((function(t){return t.removeAttribute("style")})),O(r,"yes"),0===i&&window.scrollY<=0?r.dataset.sticky=["fixed"].concat(m(o)).join(":"):r.dataset.sticky=o.join(":")}({stickyContainer:t,stickyContainerHeight:u,containerInitialHeight:r,isSticky:f,startPosition:o,stickyComponents:d}),d.indexOf("auto-hide")>-1&&function(t){var e=t.currentScrollY,r=t.stickyContainer,n=t.containerInitialHeight,i=t.headerInitialHeight,o=t.startPosition,a=t.isSticky,c=t.stickyComponents;a&&e-t.prevScrollY==0&&l((function(){return"0px"})),a?-1===r.dataset.sticky.indexOf("yes")&&e>2*i+o&&(r.dataset.sticky=["yes"].concat(g(c)).join(":"),y({stickyContainer:r,startPosition:o}),h({stickyContainer:r,containerInitialHeight:n,startPosition:o}),O(r,"no"),document.body.removeAttribute("style")):(Array.from(r.querySelectorAll("[data-row]")).map((function(t){return t.removeAttribute("style")})),Array.from(r.querySelectorAll('[data-row*="middle"] .site-logo-container')).map((function(t){return t.removeAttribute("style")})),r.dataset.sticky=g(c).join(":"),O(r,"yes"),l((function(){return"0px"})),b=null),null===b&&(b=1e3);var s=b+t.prevScrollY-e,u=0;if(e>2*i+o||r.dataset.sticky.indexOf("yes")>-1){if(e<=o)u=0;else if(e>t.prevScrollY){var d=v({stickyContainer:r}).stickyContainerHeightAbsolute;u=Math.abs(s)>d?-d:s}else u=s>0?0:s;r.style.transform="translateY(".concat(u,"px)"),b=u}else r.removeAttribute("style");r.dataset.sticky.indexOf("yes")>-1&&(e<=o||e>t.prevScrollY||(y({stickyContainer:r,startPosition:o}),h({stickyContainer:r,containerInitialHeight:n,startPosition:o}))),l((function(){var t=v({stickyContainer:r}).stickyContainerHeight;return"".concat(t-Math.abs(u),"px")}))}({stickyContainer:t,isSticky:f,startPosition:o,stickyComponents:d,containerInitialHeight:r,stickyContainerHeight:u,headerInitialHeight:c,currentScrollY:p,prevScrollY:T}),(d.indexOf("slide")>-1||d.indexOf("fade")>-1)&&function(t){var e=t.stickyContainer,r=t.startPosition,n=t.stickyComponents;t.isSticky?(-1===e.dataset.sticky.indexOf("yes")&&(e.dataset.sticky=["yes-start"].concat(w(n)).join(":"),setTimeout((function(){e.dataset.sticky=e.dataset.sticky.replace("yes-start","yes-end"),setTimeout((function(){e.dataset.sticky=e.dataset.sticky.replace("yes-end","yes")}),200)}),1)),O(e,"no")):-1===e.dataset.sticky.indexOf("yes-hide")&&e.dataset.sticky.indexOf("yes:")>-1&&(Math.abs(window.scrollY-r)>10?(e.dataset.sticky=n.join(":"),setTimeout((function(){Array.from(e.querySelectorAll("[data-row]")).map((function(t){return t.removeAttribute("style")}))}),300),O(e,"yes")):(e.dataset.sticky=["yes-hide-start"].concat(w(n)).join(":"),requestAnimationFrame((function(){e.dataset.sticky=e.dataset.sticky.replace("yes-hide-start","yes-hide-end"),setTimeout((function(){e.dataset.sticky=n.join(":"),setTimeout((function(){Array.from(e.querySelectorAll("[data-row]")).map((function(t){return t.removeAttribute("style")}))}),300),O(e,"yes")}),200)}))))}({stickyContainer:t,isSticky:f,startPosition:o,stickyComponents:d}),T=p}}},E=function(){if(document.querySelector("header [data-sticky]")){var t=window.width;window.addEventListener("resize",(function(e){window.width!==t&&(t=window.width,q(),Y(e),r().trigger("ct:header:update"))}),!1),window.addEventListener("orientationchange",(function(t){q(),Y(t),r().trigger("ct:header:update")})),window.addEventListener("scroll",Y,!1),window.addEventListener("load",Y,!1),Y()}};document.body.className.indexOf("e-preview")>-1?setTimeout((function(){E()}),500):E(),(0,n.registerDynamicChunk)("blocksy_sticky_header",{mount:function(t){}})}();
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/plugins/blocksy-companion/static/js/frontend/sticky.js

Line 266 in fe52f6e

''
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/plugins/blocksy-companion/static/js/helpers/useActivationAction.js

Line 109 in fe52f6e

history.navigate('/pro')
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/142.52ae544efaeaa302199b.js

Line 1 in fe52f6e

"use strict";(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[142],{142:function(t,e,n){n.r(e),n.d(e,{handleUpdate:function(){return d},mountMenuLevel:function(){return l}});var i=n(846);const s=function(t){return t.classList.contains("animated-submenu")&&(!t.parentNode.classList.contains("menu")||-1===t.className.indexOf("ct-mega-menu")&&t.parentNode.classList.contains("menu"))},a="undefined"!=typeof window&&window.navigator&&window.navigator.platform&&(/iP(ad|hone|od)/.test(window.navigator.platform)||"MacIntel"===window.navigator.platform&&window.navigator.maxTouchPoints>1),r=function(t,e){let{startPosition:n="end"}=e;const i=t.querySelector(".sub-menu"),s=function(t){const e=function(t,e){for(var n=[];t.parentNode;)t.parentNode&&t.parentNode.matches&&t.parentNode.matches("li.menu-item")&&n.push(t.parentNode),t=t.parentNode;return n[n.length-1]}(t);return e&&e.querySelector(".sub-menu .sub-menu .sub-menu")?e.getBoundingClientRect().left>innerWidth/2?"left":"right":"rtl"===document.querySelector("html").dir?"left":"right"}(i),{left:a,width:r,right:o}=i.getBoundingClientRect();let c=s,l=t.getBoundingClientRect();"left"===s&&("end"===n?l.left:l.right)-r<0&&(c="right"),"right"===s&&("end"===n?l.right:l.left)+r>innerWidth&&(c="left"),t.dataset.submenu=c,t.addEventListener("click",(function(){}))},o=function(t){const e=t.target.closest("li");e.classList.add("ct-active");let n=[...e.children].find((function(t){return t.matches(".ct-toggle-dropdown-desktop-ghost")}));n||(n=e.firstElementChild),n&&(n.setAttribute("aria-expanded","true"),"button"===n.tagName.toLowerCase()&&n.setAttribute("aria-label",ct_localizations.collapse_submenu)),u({target:e})},c=function(t){if(!t.target)return;const e=t.target.closest("li");e.classList.remove("ct-active");let n=[...e.children].find((function(t){return t.matches(".ct-toggle-dropdown-desktop-ghost")}));n||(n=e.firstElementChild),n&&(n.setAttribute("aria-expanded","false"),"button"===n.tagName.toLowerCase()&&n.setAttribute("aria-label",ct_localizations.expand_submenu)),setTimeout((function(){[...e.querySelectorAll("[data-submenu]")].map((function(t){t.removeAttribute("data-submenu")})),[...e.querySelectorAll(".ct-active")].map((function(t){t.classList.remove("ct-active")}))}),30)},l=function(t){let e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};[...t.children].filter((function(t){return t.matches(".menu-item-has-children, .page_item_has_children")})).map((function(t){if(t.classList.contains("ct-mega-menu-custom-width")){const e=t.querySelector(".sub-menu"),n=t.getBoundingClientRect(),i=e.getBoundingClientRect();n.left+n.width/2+i.width/2>innerWidth&&(t.dataset.submenu="left"),n.left+n.width/2-i.width/2<0&&(t.dataset.submenu="right")}s(t)&&r(t,e);let n=[...t.children].find((function(t){return t.matches(".ct-toggle-dropdown-desktop-ghost")})),l=t.matches('[data-interaction*="click"] *');if(t.hasFocusEventListener||(t.hasFocusEventListener=!0,t.addEventListener("keydown",(function(e){27==e.keyCode&&c({target:t.firstElementChild})})),t.addEventListener("focusout",(function(e){t.contains(e.relatedTarget)||c({target:t.firstElementChild})}))),l||(t.addEventListener("mouseenter",(function(e){a?o({target:t.firstElementChild}):requestAnimationFrame((function(){o({target:t.firstElementChild})})),t.parentNode.classList.contains(".sub-menu")||[...t.parentNode.children].filter((function(e){return e!==t})).map((function(t){c({target:t.firstElementChild})})),e.target.closest("li").addEventListener("mouseleave",(function(){c({target:t.firstElementChild})}),{once:!0})})),(0,i.b)()&&t.addEventListener("click",(function(e){t.classList.contains("ct-active")||e.preventDefault()}))),l){let e=t.matches('[data-interaction*="item"] *')?t.firstElementChild:t.firstElementChild.querySelector(".ct-toggle-dropdown-desktop");e.hasEventListener||(e.hasEventListener=!0,e.addEventListener("click",(function(e){e.preventDefault(),e.target.closest("li").classList.contains("ct-active")?c(e):(o(e),a&&e.target.closest("li").addEventListener("mouseleave",(function(){c({target:t.firstElementChild})}),{once:!0}),e.target.hasDocumentListener||(e.target.hasDocumentListener=!0,setTimeout((function(){document.addEventListener("click",(function(t){e.target.closest("li").contains(t.target)||c(e)}))}))))})))}n&&!n.hasEventListener&&(n.hasEventListener=!0,n.addEventListener("click",(function(t){t.target.closest("li").classList.contains("ct-active")?c(t):o(t)})))}))},u=function(t){let{target:e}=t;if(e.matches(".menu-item-has-children, .page_item_has_children")||(e=e.closest(".menu-item-has-children, .page_item_has_children")),e.parentNode.classList.contains("menu")&&e.className.indexOf("ct-mega-menu")>-1&&-1===e.className.indexOf("ct-mega-menu-custom-width")&&window.wp&&wp&&wp.customize&&wp.customize("active_theme")&&(e.querySelector(".sub-menu").style.left=Math.round(e.closest('[class*="ct-container"]').firstElementChild.getBoundingClientRect().x)-Math.round(e.closest("nav").getBoundingClientRect().x)+"px"),!s(e))return;const n=e.querySelector(".sub-menu");l(n),n.closest('[data-interaction="hover"]')&&n.parentNode.addEventListener("mouseleave",(function(){[...n.children].filter((function(t){return s(t)})).map((function(t){return t.removeAttribute("data-submenu")}))}),{once:!0})},d=function(t){t.parentNode||(t=document.querySelector(`[class="${t.className}"]`)),t&&(t.querySelector(".menu-item-has-children")||t.querySelector(".page_item_has_children"))&&t.closest('[data-interaction="hover"]')&&(t.removeEventListener("mouseenter",u),t.addEventListener("mouseenter",u))}}}]);
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/308.b59318afcbb9e19a1fa6.js

Line 2 in fe52f6e

(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[308],{308:function(t,e,i){"use strict";i.r(e),i.d(e,{mount:function(){return a}});var n=i(48),o=i.n(n),s=i(139),r=i(601),l=i.n(r);o().imagesLoaded=function(t,e){return e()},o().Button.prototype.hide=function(){};const a=function(t){let e=[...t.parentNode.children].find((function(t){return t.classList.contains("products")||t.classList.contains("entries")}));if(!t)return;let i=t.dataset.pagination;if(i.indexOf("simple")>-1)return;if(i.indexOf("next_prev")>-1)return;if(!t.querySelector(".next"))return;if(t.infiniteScroll)return;let n=new(o())(e,{checkLastPage:".ct-pagination .next",path:".ct-pagination .next",append:h(e),button:"load_more"===i?t.querySelector(".ct-load-more"):null,outlayer:null,scrollThreshold:"infinite_scroll"===i&&400,onInit(){this.on("load",(function(e){t.querySelector(".ct-load-more-helper").classList.remove("ct-loading"),setTimeout((function(){l().trigger("ct:infinite-scroll:load"),l().trigger("blocksy:frontend:init"),l().trigger("blocksy:parallax:init"),window.jQuery&&jQuery(document.body).trigger("wc_price_based_country_ajax_geolocation")}),100)})),this.on("append",(function(){return(0,s.Z)(e)})),this.on("request",(function(){t.querySelector(".ct-load-more-helper").classList.add("ct-loading")})),this.on("last",(function(){t.classList.add(t.querySelector(".ct-last-page-text")?"ct-last-page":"ct-last-page-no-info")}))}});t.infiniteScroll=n};function h(t){if([...t.parentNode.children].indexOf(t),t.closest(".ct-posts-shortcode")){let e=[...t.parentNode.parentNode.children].indexOf(t.parentNode);return t.classList.contains("products")?`.ct-posts-shortcode:nth-child(${e+1}) .products > li`:`.ct-posts-shortcode:nth-child(${e+1}) .entries > *`}return t.classList.contains("products")?"#main .products > li":"section > .entries > *"}},158:function(t){var e,i;e="undefined"!=typeof window?window:this,i=function(){function t(){}let e=t.prototype;return e.on=function(t,e){if(!t||!e)return this;let i=this._events=this._events||{},n=i[t]=i[t]||[];return n.includes(e)||n.push(e),this},e.once=function(t,e){if(!t||!e)return this;this.on(t,e);let i=this._onceEvents=this._onceEvents||{};return(i[t]=i[t]||{})[e]=!0,this},e.off=function(t,e){let i=this._events&&this._events[t];if(!i||!i.length)return this;let n=i.indexOf(e);return-1!=n&&i.splice(n,1),this},e.emitEvent=function(t,e){let i=this._events&&this._events[t];if(!i||!i.length)return this;i=i.slice(0),e=e||[];let n=this._onceEvents&&this._onceEvents[t];for(let o of i)n&&n[o]&&(this.off(t,o),delete n[o]),o.apply(this,e);return this},e.allOff=function(){return delete this._events,delete this._onceEvents,this},t},t.exports?t.exports=i():e.EvEmitter=i()},47:function(t){var e,i;e=this,i=function(t){let e={extend:function(t,e){return Object.assign(t,e)},modulo:function(t,e){return(t%e+e)%e},makeArray:function(t){return Array.isArray(t)?t:null==t?[]:"object"==typeof t&&"number"==typeof t.length?[...t]:[t]},removeFrom:function(t,e){let i=t.indexOf(e);-1!=i&&t.splice(i,1)},getParent:function(t,e){for(;t.parentNode&&t!=document.body;)if((t=t.parentNode).matches(e))return t},getQueryElement:function(t){return"string"==typeof t?document.querySelector(t):t},handleEvent:function(t){let e="on"+t.type;this[e]&&this[e](t)},filterFindElements:function(t,i){return(t=e.makeArray(t)).filter((t=>t instanceof HTMLElement)).reduce(((t,e)=>{if(!i)return t.push(e),t;e.matches(i)&&t.push(e);let n=e.querySelectorAll(i);return t.concat(...n)}),[])},debounceMethod:function(t,e,i){i=i||100;let n=t.prototype[e],o=e+"Timeout";t.prototype[e]=function(){clearTimeout(this[o]);let t=arguments;this[o]=setTimeout((()=>{n.apply(this,t),delete this[o]}),i)}},docReady:function(t){let e=document.readyState;"complete"==e||"interactive"==e?setTimeout(t):document.addEventListener("DOMContentLoaded",t)},toDashed:function(t){return t.replace(/(.)([A-Z])/g,(function(t,e,i){return e+"-"+i})).toLowerCase()}},i=t.console;return e.htmlInit=function(n,o){e.docReady((function(){let s="data-"+e.toDashed(o),r=document.querySelectorAll(`[${s}]`),l=t.jQuery;[...r].forEach((t=>{let e,r=t.getAttribute(s);try{e=r&&JSON.parse(r)}catch(e){return void(i&&i.error(`Error parsing ${s} on ${t.className}: ${e}`))}let a=new n(t,e);l&&l.data(t,o,a)}))}))},e},t.exports?t.exports=i(e):e.fizzyUIUtils=i(e)},163:function(t,e,i){!function(e,n){t.exports?t.exports=n(0,i(717),i(47)):n(0,e.InfiniteScroll,e.fizzyUIUtils)}(window,(function(t,e,i){class n{constructor(t,e){this.element=t,this.infScroll=e,this.clickHandler=this.onClick.bind(this),this.element.addEventListener("click",this.clickHandler),e.on("request",this.disable.bind(this)),e.on("load",this.enable.bind(this)),e.on("error",this.hide.bind(this)),e.on("last",this.hide.bind(this))}onClick(t){t.preventDefault(),this.infScroll.loadNextPage()}enable(){this.element.removeAttribute("disabled")}disable(){this.element.disabled="disabled"}hide(){this.element.style.display="none"}destroy(){this.element.removeEventListener("click",this.clickHandler)}}return e.create.button=function(){let t=i.getQueryElement(this.options.button);t&&(this.button=new n(t,this))},e.destroy.button=function(){this.button&&this.button.destroy()},e.Button=n,e}))},717:function(t,e,i){!function(e,n){t.exports?t.exports=n(e,i(158),i(47)):e.InfiniteScroll=n(e,e.EvEmitter,e.fizzyUIUtils)}(window,(function(t,e,i){let n=t.jQuery,o={};function s(t,e){let r=i.getQueryElement(t);if(r){if((t=r).infiniteScrollGUID){let i=o[t.infiniteScrollGUID];return i.option(e),i}this.element=t,this.options={...s.defaults},this.option(e),n&&(this.$element=n(this.element)),this.create()}else console.error("Bad element for InfiniteScroll: "+(r||t))}s.defaults={},s.create={},s.destroy={};let r=s.prototype;Object.assign(r,e.prototype);let l=0;r.create=function(){let t=this.guid=++l;if(this.element.infiniteScrollGUID=t,o[t]=this,this.pageIndex=1,this.loadCount=0,this.updateGetPath(),this.getPath&&this.getPath()){this.updateGetAbsolutePath(),this.log("initialized",[this.element.className]),this.callOnInit();for(let t in s.create)s.create[t].call(this)}else console.error("Disabling InfiniteScroll")},r.option=function(t){Object.assign(this.options,t)},r.callOnInit=function(){let t=this.options.onInit;t&&t.call(this,this)},r.dispatchEvent=function(t,e,i){this.log(t,i);let o=e?[e].concat(i):i;if(this.emitEvent(t,o),!n||!this.$element)return;let s=t+=".infiniteScroll";if(e){let i=n.Event(e);i.type=t,s=i}this.$element.trigger(s,i)};let a={initialized:t=>`on ${t}`,request:t=>`URL: ${t}`,load:(t,e)=>`${t.title||""}. URL: ${e}`,error:(t,e)=>`${t}. URL: ${e}`,append:(t,e,i)=>`${i.length} items. URL: ${e}`,last:(t,e)=>`URL: ${e}`,history:(t,e)=>`URL: ${e}`,pageIndex:function(t,e){return`current page determined to be: ${t} from ${e}`}};r.log=function(t,e){if(!this.options.debug)return;let i=`[InfiniteScroll] ${t}`,n=a[t];n&&(i+=". "+n.apply(this,e)),console.log(i)},r.updateMeasurements=function(){this.windowHeight=t.innerHeight;let e=this.element.getBoundingClientRect();this.top=e.top+t.scrollY},r.updateScroller=function(){let e=this.options.elementScroll;if(e){if(this.scroller=!0===e?this.element:i.getQueryElement(e),!this.scroller)throw new Error(`Unable to find elementScroll: ${e}`)}else this.scroller=t},r.updateGetPath=function(){let t=this.options.path;if(!t)return void console.error(`InfiniteScroll path option required. Set as: ${t}`);let e=typeof t;"function"!=e?"string"==e&&t.match("{{#}}")?this.updateGetPathTemplate(t):this.updateGetPathSelector(t):this.getPath=t},r.updateGetPathTemplate=function(t){this.getPath=()=>{let e=this.pageIndex+1;return t.replace("{{#}}",e)};let e=t.replace(/(\\\?|\?)/,"\\?").replace("{{#}}","(\\d\\d?\\d?)"),i=new RegExp(e),n=location.href.match(i);n&&(this.pageIndex=parseInt(n[1],10),this.log("pageIndex",[this.pageIndex,"template string"]))};let h=[/^(.*?\/?page\/?)(\d\d?\d?)(.*?$)/,/^(.*?\/?\?page=)(\d\d?\d?)(.*?$)/,/(.*?)(\d\d?\d?)(?!.*\d)(.*?$)/],c=s.getPathParts=function(t){if(t)for(let e of h){let i=t.match(e);if(i){let[,t,e,n]=i;return{begin:t,index:e,end:n}}}};r.updateGetPathSelector=function(t){let e=document.querySelector(t);if(!e)return void console.error(`Bad InfiniteScroll path option. Next link not found: ${t}`);let i=e.getAttribute("href"),n=c(i);if(!n)return void console.error(`InfiniteScroll unable to parse next link href: ${i}`);let{begin:o,index:s,end:r}=n;this.isPathSelector=!0,this.getPath=()=>o+(this.pageIndex+1)+r,this.pageIndex=parseInt(s,10)-1,this.log("pageIndex",[this.pageIndex,"next link"])},r.updateGetAbsolutePath=function(){let t=this.getPath();if(t.match(/^http/)||t.match(/^\//))return void(this.getAbsolutePath=this.getPath);let{pathname:e}=location,i=t.match(/^\?/),n=e.substring(0,e.lastIndexOf("/")),o=i?e:n+"/";this.getAbsolutePath=()=>o+this.getPath()},s.create.hideNav=function(){let t=i.getQueryElement(this.options.hideNav);t&&(t.style.display="none",this.nav=t)},s.destroy.hideNav=function(){this.nav&&(this.nav.style.display="")},r.destroy=function(){this.allOff();for(let t in s.destroy)s.destroy[t].call(this);delete this.element.infiniteScrollGUID,delete o[this.guid],n&&this.$element&&n.removeData(this.element,"infiniteScroll")},s.throttle=function(t,e){let i,n;return e=e||200,function(){let o=+new Date,s=arguments,r=()=>{i=o,t.apply(this,s)};i&&o<i+e?(clearTimeout(n),n=setTimeout(r,e)):r()}},s.data=function(t){let e=(t=i.getQueryElement(t))&&t.infiniteScrollGUID;return e&&o[e]},s.setJQuery=function(t){n=t},i.htmlInit(s,"infinite-scroll"),r._init=function(){};let{jQueryBridget:u}=t;return n&&u&&u("infiniteScroll",s,n),s}))},774:function(t,e,i){!function(e,n){t.exports?t.exports=n(e,i(717),i(47)):n(e,e.InfiniteScroll,e.fizzyUIUtils)}(window,(function(t,e,i){let n=e.prototype;Object.assign(e.defaults,{history:"replace"});let o=document.createElement("a");return e.create.history=function(){this.options.history&&(o.href=this.getAbsolutePath(),(o.origin||o.protocol+"//"+o.host)==location.origin?this.options.append?this.createHistoryAppend():this.createHistoryPageLoad():console.error(`[InfiniteScroll] cannot set history with different origin: ${o.origin} on ${location.origin} . History behavior disabled.`))},n.createHistoryAppend=function(){this.updateMeasurements(),this.updateScroller(),this.scrollPages=[{top:0,path:location.href,title:document.title}],this.scrollPage=this.scrollPages[0],this.scrollHistoryHandler=this.onScrollHistory.bind(this),this.unloadHandler=this.onUnload.bind(this),this.scroller.addEventListener("scroll",this.scrollHistoryHandler),this.on("append",this.onAppendHistory),this.bindHistoryAppendEvents(!0)},n.bindHistoryAppendEvents=function(e){let i=e?"addEventListener":"removeEventListener";this.scroller[i]("scroll",this.scrollHistoryHandler),t[i]("unload",this.unloadHandler)},n.createHistoryPageLoad=function(){this.on("load",this.onPageLoadHistory)},e.destroy.history=n.destroyHistory=function(){this.options.history&&this.options.append&&this.bindHistoryAppendEvents(!1)},n.onAppendHistory=function(t,e,i){if(!i||!i.length)return;let n=i[0],s=this.getElementScrollY(n);o.href=e,this.scrollPages.push({top:s,path:o.href,title:t.title})},n.getElementScrollY=function(e){return this.options.elementScroll?e.offsetTop-this.top:e.getBoundingClientRect().top+t.scrollY},n.onScrollHistory=function(){let t=this.getClosestScrollPage();t!=this.scrollPage&&(this.scrollPage=t,this.setHistory(t.title,t.path))},i.debounceMethod(e,"onScrollHistory",150),n.getClosestScrollPage=function(){let e,i;e=this.options.elementScroll?this.scroller.scrollTop+this.scroller.clientHeight/2:t.scrollY+this.windowHeight/2;for(let t of this.scrollPages){if(t.top>=e)break;i=t}return i},n.setHistory=function(t,e){let i=this.options.history;i&&history[i+"State"]&&(history[i+"State"](null,t,e),this.options.historyTitle&&(document.title=t),this.dispatchEvent("history",null,[t,e]))},n.onUnload=function(){if(0===this.scrollPage.top)return;let e=t.scrollY-this.scrollPage.top+this.top;this.destroyHistory(),scrollTo(0,e)},n.onPageLoadHistory=function(t,e){this.setHistory(t.title,e)},e}))},48:function(t,e,i){var n;window,t.exports&&(t.exports=(n=i(717),i(484),i(610),i(774),i(163),i(792),n))},484:function(t,e,i){!function(e,n){t.exports?t.exports=n(e,i(717)):n(e,e.InfiniteScroll)}(window,(function(t,e){let i=e.prototype;Object.assign(e.defaults,{loadOnScroll:!0,checkLastPage:!0,responseBody:"text",domParseResponse:!0}),e.create.pageLoad=function(){this.canLoad=!0,this.on("scrollThreshold",this.onScrollThresholdLoad),this.on("load",this.checkLastPage),this.options.outlayer&&this.on("append",this.onAppendOutlayer)},i.onScrollThresholdLoad=function(){this.options.loadOnScroll&&this.loadNextPage()};let n=new DOMParser;function o(t){let e=document.createDocumentFragment();return t&&e.append(...t),e}return i.loadNextPage=function(){if(this.isLoading||!this.canLoad)return;let{responseBody:t,domParseResponse:e,fetchOptions:i}=this.options,o=this.getAbsolutePath();this.isLoading=!0,"function"==typeof i&&(i=i());let s=fetch(o,i).then((i=>{if(!i.ok){let t=new Error(i.statusText);return this.onPageError(t,o,i),{response:i}}return i[t]().then((s=>("text"==t&&e&&(s=n.parseFromString(s,"text/html")),204==i.status?(this.lastPageReached(s,o),{body:s,response:i}):this.onPageLoad(s,o,i))))})).catch((t=>{this.onPageError(t,o)}));return this.dispatchEvent("request",null,[o,s]),s},i.onPageLoad=function(t,e,i){return this.options.append||(this.isLoading=!1),this.pageIndex++,this.loadCount++,this.dispatchEvent("load",null,[t,e,i]),this.appendNextPage(t,e,i)},i.appendNextPage=function(t,e,i){let{append:n,responseBody:s,domParseResponse:r}=this.options;if("text"!=s||!r||!n)return{body:t,response:i};let l=t.querySelectorAll(n),a={body:t,response:i,items:l};if(!l||!l.length)return this.lastPageReached(t,e),a;let h=o(l),c=()=>(this.appendItems(l,h),this.isLoading=!1,this.dispatchEvent("append",null,[t,e,l,i]),a);return this.options.outlayer?this.appendOutlayerItems(h,c):c()},i.appendItems=function(t,e){t&&t.length&&(function(t){let e=t.querySelectorAll("script");for(let t of e){let e=document.createElement("script"),i=t.attributes;for(let t of i)e.setAttribute(t.name,t.value);e.innerHTML=t.innerHTML,t.parentNode.replaceChild(e,t)}}(e=e||o(t)),this.element.appendChild(e))},i.appendOutlayerItems=function(i,n){let o=e.imagesLoaded||t.imagesLoaded;return o?new Promise((function(t){o(i,(function(){let e=n();t(e)}))})):(console.error("[InfiniteScroll] imagesLoaded required for outlayer option"),void(this.isLoading=!1))},i.onAppendOutlayer=function(t,e,i){this.options.outlayer.appended(i)},i.checkLastPage=function(t,e){let i,{checkLastPage:n,path:o}=this.options;if(n){if("function"==typeof o&&!this.getPath())return void this.lastPageReached(t,e);"string"==typeof n?i=n:this.isPathSelector&&(i=o),i&&t.querySelector&&(t.querySelector(i)||this.lastPageReached(t,e))}},i.lastPageReached=function(t,e){this.canLoad=!1,this.dispatchEvent("last",null,[t,e])},i.onPageError=function(t,e,i){return this.isLoading=!1,this.canLoad=!1,this.dispatchEvent("error",null,[t,e,i]),t},e.create.prefill=function(){if(!this.options.prefill)return;let t=this.options.append;t?(this.updateMeasurements(),this.updateScroller(),this.isPrefilling=!0,this.on("append",this.prefill),this.once("error",this.stopPrefill),this.once("last",this.stopPrefill),this.prefill()):console.error(`append option required for prefill. Set as :${t}`)},i.prefill=function(){let t=this.getPrefillDistance();this.isPrefilling=t>=0,this.isPrefilling?(this.log("prefill"),this.loadNextPage()):this.stopPrefill()},i.getPrefillDistance=function(){return this.options.elementScroll?this.scroller.clientHeight-this.scroller.scrollHeight:this.windowHeight-this.element.clientHeight},i.stopPrefill=function(){this.log("stopPrefill"),this.off("append",this.prefill)},e}))},610:function(t,e,i){!function(e,n){t.exports?t.exports=n(e,i(717),i(47)):n(e,e.InfiniteScroll,e.fizzyUIUtils)}(window,(function(t,e,i){let n=e.prototype;return Object.assign(e.defaults,{scrollThreshold:400}),e.create.scrollWatch=function(){this.pageScrollHandler=this.onPageScroll.bind(this),this.resizeHandler=this.onResize.bind(this);let t=this.options.scrollThreshold;(t||0===t)&&this.enableScrollWatch()},e.destroy.scrollWatch=function(){this.disableScrollWatch()},n.enableScrollWatch=function(){this.isScrollWatching||(this.isScrollWatching=!0,this.updateMeasurements(),this.updateScroller(),this.on("last",this.disableScrollWatch),this.bindScrollWatchEvents(!0))},n.disableScrollWatch=function(){this.isScrollWatching&&(this.bindScrollWatchEvents(!1),delete this.isScrollWatching)},n.bindScrollWatchEvents=function(e){let i=e?"addEventListener":"removeEventListener";this.scroller[i]("scroll",this.pageScrollHandler),t[i]("resize",this.resizeHandler)},n.onPageScroll=e.throttle((function(){this.getBottomDistance()<=this.options.scrollThreshold&&this.dispatchEvent("scrollThreshold")})),n.getBottomDistance=function(){let e,i;return this.options.elementScroll?(e=this.scroller.scrollHeight,i=this.scroller.scrollTop+this.scroller.clientHeight):(e=this.top+this.element.clientHeight,i=t.scrollY+this.windowHeight),e-i},n.onResize=function(){this.updateMeasurements()},i.debounceMethod(e,"onResize",150),e}))},792:function(t,e,i){!function(e,n){t.exports?t.exports=n(0,i(717),i(47)):n(0,e.InfiniteScroll,e.fizzyUIUtils)}(window,(function(t,e,i){let n=e.prototype;function o(t){r(t,"none")}function s(t){r(t,"block")}function r(t,e){t&&(t.style.display=e)}return e.create.status=function(){let t=i.getQueryElement(this.options.status);t&&(this.statusElement=t,this.statusEventElements={request:t.querySelector(".infinite-scroll-request"),error:t.querySelector(".infinite-scroll-error"),last:t.querySelector(".infinite-scroll-last")},this.on("request",this.showRequestStatus),this.on("error",this.showErrorStatus),this.on("last",this.showLastStatus),this.bindHideStatus("on"))},n.bindHideStatus=function(t){let e=this.options.append?"append":"load";this[t](e,this.hideAllStatus)},n.showRequestStatus=function(){this.showStatus("request")},n.showErrorStatus=function(){this.showStatus("error")},n.showLastStatus=function(){this.showStatus("last"),this.bindHideStatus("off")},n.showStatus=function(t){s(this.statusElement),this.hideStatusEventElements(),s(this.statusEventElements[t])},n.hideAllStatus=function(){o(this.statusElement),this.hideStatusEventElements()},n.hideStatusEventElements=function(){for(let t in this.statusEventElements)o(this.statusEventElements[t])},e}))}}]);
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/321.3a60ac255380431c2284.js

Line 1 in fe52f6e

"use strict";(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[321],{321:function(e,t,o){o.r(t),o.d(t,{mount:function(){return a}});var i=o(194),c=o.n(i);function n(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,i)}return o}function r(e){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{};t%2?n(Object(o),!0).forEach((function(t){s(e,t,o[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(o)):n(Object(o)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(o,t))}))}return e}function s(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function l(){try{return document.createEvent("TouchEvent"),!0}catch(e){return!1}}o(601);const a=function(e,t){let{event:o}=t;const i=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;if(e.closest(".elementor-section-wrap"))return;var o=c()(".pswp")[0],i=c()(e),n=i;const r=[...e.closest(".woocommerce-product-gallery").querySelectorAll(".flexy-items .ct-image-container img:not(.zoomImg), .woocommerce-product-gallery > .ct-image-container img:not(.zoomImg), .flexy-items .ct-image-container video, .woocommerce-product-gallery > .ct-image-container video, .flexy-items .ct-image-container iframe, .woocommerce-product-gallery > .ct-image-container iframe")].map((function(e){return e.matches("video")||e.matches("iframe")?{html:`<div class="ct-lightbox-video-container">${e.outerHTML}</div>`}:{img:e,src:e.closest("a")?e.closest("a").href:e.src,w:(e.closest("a")?e.closest("a").dataset.width:e.width)||e.width,h:(e.closest("a")?e.closest("a").dataset.height:e.width)||e.width,title:e.getAttribute("data-caption")}}));if(1!==r.length||!r[0].img.closest("a")||r[0].img.closest("a").getAttribute("href")){var s=c().extend({index:0===t?0:t||c()(n).index(),addCaptionHTMLFn:function(e,t){return e.title?(t.children[0].textContent=e.title,!0):(t.children[0].textContent="",!1)}},{shareEl:!1,closeOnScroll:!1,history:!1,hideAnimationDuration:0,showAnimationDuration:0}),l=new PhotoSwipe(o,PhotoSwipeUI_Default,r,s);l.init(),document.body.classList.add("ct-photoswipe-open"),l.listen("close",(function(){setTimeout((function(){document.body.classList.remove("ct-photoswipe-open"),[...document.querySelectorAll(".ct-lightbox-video-container")].map((function(e){return e.remove()}))}),300)}))}};o&&l()&&"click"===o.type&&setTimeout((function(){o.target&&o.target.click&&o.target.click()})),function(){let{onlyZoom:e=!1}=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},t=[...document.querySelectorAll(".woocommerce-product-gallery .woocommerce-product-gallery__trigger")];[...document.querySelectorAll(".single-product .flexy-items .ct-image-container, .single-product .woocommerce-product-gallery > .ct-image-container")].map((function(o){if(!(window.wp&&wp.customize&&wp.customize("has_product_single_lightbox")&&"yes"===wp.customize("has_product_single_lightbox")())&&window.wp&&window.wp.customize||e||o.hasPhotoswipeListener||(o.hasPhotoswipeListener=!0,o.addEventListener("click",(function(e){if(e.preventDefault(),t.length>0)return;let c=0;c=[...o.parentNode.querySelectorAll(".ct-image-container")].indexOf(o),o.closest(".flexy-items")&&(c=[...o.closest(".flexy-items").children].indexOf(o.parentNode)),window.PhotoSwipe&&i(o,c)}))),c().fn.zoom&&(window.wp&&wp.customize&&wp.customize("has_product_single_zoom")&&"yes"===wp.customize("has_product_single_zoom")()||!window.wp||!window.wp.customize)){const e=o.getBoundingClientRect();if(o.closest(".elementor-section-wrap"))return;if(o.querySelector("iframe"))return;if(o.querySelector("video"))return;parseFloat(o.getAttribute("data-width"))>o.closest(".woocommerce-product-gallery").getBoundingClientRect().width&&c()(o).zoom(r(r({url:o.href,touch:!1,duration:50},e.width>parseFloat(o.dataset.width)||e.height>parseFloat(o.dataset.height)?{magnify:2}:{}),l()?{on:"toggle"}:{}))}})),c().fn.zoom&&(window.wp&&wp.customize&&wp.customize("has_product_single_zoom")&&"yes"===wp.customize("has_product_single_zoom")()||!window.wp||!window.wp.customize)&&setTimeout((function(){o&&(o.target.closest(".elementor-section-wrap")||(o.target.closest(".flexy-items")||o.target.closest(".ct-image-container")&&o.target.closest(".ct-image-container").parentNode.classList.contains("woocommerce-product-gallery"))&&c()(o.target.closest(".ct-image-container")).trigger(l()?"click.zoom":"mouseenter.zoom"))}),150),t.map((function(e){e.hasPhotoswipeListener||(e.hasPhotoswipeListener=!0,e.addEventListener("click",(function(t){if(t.preventDefault(),t.stopPropagation(),!e.closest(".ct-image-container")||e.closest(".flexy-items")){if(e.closest(".ct-image-container")&&e.closest(".flexy-items")&&e.closest(".ct-columns-top-gallery"))window.PhotoSwipe&&i(e.closest(".ct-image-container"),[...e.closest(".ct-image-container").parentNode.parentNode.children].indexOf(e.closest(".ct-image-container").parentNode));else if(document.querySelector(".single-product .woocommerce-product-gallery > .ct-image-container")&&window.PhotoSwipe&&i(document.querySelector(".single-product .woocommerce-product-gallery > .ct-image-container")),document.querySelector(".single-product .flexy-items .ct-image-container")){let e=document.querySelector(".single-product .flexy-pills"),t=Array.from(e.querySelector(".active").parentNode.children).indexOf(e.querySelector(".active")||e.firstElementChild);window.PhotoSwipe&&i(document.querySelector(".single-product .flexy-items").children[t].firstElementChild,t)}}else window.PhotoSwipe&&i(e.closest(".ct-image-container"))})))}))}()}}}]);
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/36.870e0c3aa08c92b9f4dc.js

Line 1 in fe52f6e

"use strict";(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[36],{36:function(t,e,o){o.r(e),o.d(e,{mount:function(){return a}});var n=o(194),c=o.n(n),r=o(601),i=o.n(r);let u=!1;const a=function(){if(!c())return;const t='.ct-header-cart, .ct-shortcuts-container [data-id="cart"]';if(u)return;u=!0,c()(document.body).on("adding_to_cart",(function(){return[...document.querySelectorAll(t)].map((function(t){t.closest(".ct-shortcuts-container")||(t=t.firstElementChild),t.classList.remove("ct-added"),t.classList.add("ct-adding")}))})),c()(document.body).on("wc_fragments_loaded",(function(){setTimeout((function(){return i().trigger("ct:popper-elements:update")})),setTimeout((function(){return i().trigger("blocksy:frontend:init")}))})),c()(document.body).on("wc_cart_button_updated",(function(){setTimeout((function(){[...document.querySelectorAll(t)].map((function(t,e){e>0||!document.querySelector(".quick-view-modal.active")&&(!document.body.classList.contains("single-product")&&t.querySelector('[data-auto-open*="archive"]')||document.body.classList.contains("single-product")&&t.querySelector('[data-auto-open*="product"]'))&&(t.querySelector("[data-auto-open]").focusDisabled=!0,t.querySelector("[data-auto-open]").click())}))}),100)})),c()(document.body).on("added_to_cart",(function(e,o,n,c,r){c=c[0],[...document.querySelectorAll(t)].map((function(t,e){let n=t;t.closest(".ct-shortcuts-container")||(n=t.firstElementChild),n.classList.remove("ct-adding"),n.classList.add("ct-added"),document.querySelector(".ct-cart-content")&&t.querySelector(".ct-cart-content")&&(t.querySelector(".ct-cart-content").innerHTML=Object.values(o)[0],t.querySelector(".ct-cart-total")&&t.querySelector(".ct-cart-content .woocommerce-mini-cart__total .woocommerce-Price-amount")&&(t.querySelector(".ct-cart-total").firstElementChild.innerHTML=t.querySelector(".ct-cart-content .woocommerce-mini-cart__total .woocommerce-Price-amount").innerHTML))}))})),c()(document.body).on("removed_from_cart",(function(e,o,n,c){return[...document.querySelectorAll(t)].map((function(t){if(c)try{c[0].closest("li").parentNode.removeChild(c[0].closest("li"))}catch(t){}}))})),c()(document).on("uael_quick_view_loader_stop",(function(){i().trigger("ct:add-to-cart:quantity")})),c()(document).on("facetwp-loaded",(function(){i().trigger("ct:custom-select:init")})),c()(window).on("wpf_ajax_success",(function(){i().trigger("blocksy:frontend:init")})),c()(document).on("prdctfltr-reload",(function(){i().trigger("blocksy:frontend:init")})),setTimeout((function(){if(window.woof_mass_reinit){const t=window.woof_mass_reinit;window.woof_mass_reinit=function(){i().trigger("blocksy:frontend:init"),t()}}}),1e3);const e=function(){let t=document.querySelector(".ct-header-cart .ct-cart-content");t&&t.removeAttribute("style")};c()(document.body).on("wc_fragments_refreshed",(function(){setTimeout((function(){i().trigger("blocksy:frontend:init"),i().trigger("ct:popper-elements:update"),e()}))})),c()(document.body).on("wc_fragments_loaded",(function(){setTimeout((function(){i().trigger("blocksy:frontend:init"),i().trigger("ct:popper-elements:update"),e()}))}))}}}]);
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/38.4d46d7a7deb5d9fd6412.js

Line 1 in fe52f6e

(globalThis.blocksyJsonP=globalThis.blocksyJsonP||[]).push([[38],{38:function(e,t,n){"use strict";n.r(t),n.d(t,{handleClick:function(){return P},mount:function(){return q}});var o=n(891);const r="undefined"!=typeof window&&window.navigator&&window.navigator.platform&&(/iP(ad|hone|od)/.test(window.navigator.platform)||"MacIntel"===window.navigator.platform&&window.navigator.maxTouchPoints>1);var c=function(e){r?(0,o.clearAllBodyScrollLocks)():(document.body.style.overflow="",document.body.style.removeProperty("--scrollbar-width"))},i=function(e){if(r)e&&(0,o.disableBodyScroll)(e,{allowTouchMove:function(e){return!!e.closest(".select2-container")}});else{let e=window.innerWidth-document.documentElement.clientWidth;e>0&&document.body.style.setProperty("--scrollbar-width",`${e}px`),document.body.style.overflow="hidden"}};const a=function(){return window.ctFrontend&&window.ctFrontend.scrollLockManager||(window.ctFrontend=window.ctFrontend||{},window.ctFrontend.scrollLockManager={enable:c,disable:i}),window.ctFrontend.scrollLockManager};var l=n(601),s=n.n(l);const u=function(e){if(!e)return;const t=e.querySelector(".ct-toggle-dropdown-mobile");e.classList.contains("dropdown-active")?(t.setAttribute("aria-expanded","false"),t.setAttribute("aria-label",ct_localizations.expand_submenu),function(e,t){const n=e.querySelector("ul");requestAnimationFrame((function(){const e=n.getBoundingClientRect().height;n.style.height=`${e}px`,n.classList.add("is-animating"),requestAnimationFrame((function(){n.style.height="0px",d(n,(function(){n.classList.remove("is-animating"),n.removeAttribute("style"),t()}))}))}))}(e,(function(){e.classList.toggle("dropdown-active"),[...e.querySelectorAll(".menu-item-has-children.dropdown-active, .page_item_has_children.dropdown-active")].map((function(e){return e.classList.remove("dropdown-active")}))}))):(t.setAttribute("aria-expanded","true"),t.setAttribute("aria-label",ct_localizations.collapse_submenu),[...e.parentNode.children].map((function(e){return e.classList.contains("dropdown-active")&&u(e)})),e.classList.toggle("dropdown-active"),function(e){const t=e.querySelector("ul");requestAnimationFrame((function(){const e=t.getBoundingClientRect().height;t.style.height="0px",t.classList.add("is-animating"),requestAnimationFrame((function(){t.style.height=`${e}px`,d(t,(function(){t.classList.remove("is-animating"),t.removeAttribute("style")}))}))}))}(e))};function d(e,t){const n=function(o){o.target===e&&(e.removeEventListener("transitionend",n),t())};e.addEventListener("transitionend",n)}var f=n(130),m=n(846);function v(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function p(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?v(Object(n),!0).forEach((function(t){g(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):v(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function g(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const h=["button:enabled:not([readonly])","select:enabled:not([readonly])","textarea:enabled:not([readonly])","input:enabled:not([readonly])","a[href]","area[href]","iframe","object","embed","[tabindex]","[contenteditable]","[autofocus]"];let y=null;const b=function(e){if(!y)return;let t=[...y.querySelectorAll(h.join(","))];y.querySelector('[data-device="mobile"]')&&"mobile"!==(0,f.C)()&&(t=t.filter((function(e){return!e.closest('[data-device="mobile"]')})));const n=t[0],o=t[t.length-1];"Tab"!==e.key&&9!==e.keyCode||(t.includes(document.activeElement)||(n.focus(),e.preventDefault()),e.shiftKey?document.activeElement===n&&(o.focus(),e.preventDefault()):document.activeElement===o&&(n.focus(),e.preventDefault()))},w=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};if(t=p({focusOnMount:!0},t),y&&y!==e)return;const n=e.querySelectorAll(h.join(","));0!==n.length&&(y=e,document.addEventListener("keydown",b),t.focusOnMount&&!(0,m.b)()&&setTimeout((function(){n[0].focus()}),200))},L=function(e){e.removeEventListener("keydown",b),y=null},S=function(){return window.ctFrontend&&window.ctFrontend.focusLockManager||(window.ctFrontend=window.ctFrontend||{},window.ctFrontend.focusLockManager={focusLockOn:w,focusLockOff:L}),window.ctFrontend.focusLockManager};function O(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function k(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?O(Object(n),!0).forEach((function(t){E(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):O(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function E(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const A=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};if(e=k({onClose:function(){},container:null},e),t=k({closeInstant:!1,shouldFocusOriginalTrigger:!0},t),!document.body.hasAttribute("data-panel"))return e.container.classList.remove("active"),void e.onClose();[...document.querySelectorAll(`[data-toggle-panel*="${e.container.id}"]`),...document.querySelectorAll(`[href*="${e.container.id}"]`)].map((function(e,n){e.setAttribute("aria-expanded","false"),t.shouldFocusOriginalTrigger&&!(0,m.b)()&&(e.focusDisabled||setTimeout((function(){0===n&&e.focus()}),50),e.focusDisabled=!1)})),e.container.classList.remove("active"),t.closeInstant?(document.body.removeAttribute("data-panel"),s().trigger("ct:modal:closed",e.container),a().enable(e.computeScrollContainer?e.computeScrollContainer():e.container.querySelector(".ct-panel-content"))):(document.body.dataset.panel="out",e.container.addEventListener("transitionend",(function(){setTimeout((function(){document.body.removeAttribute("data-panel"),s().trigger("ct:modal:closed",e.container),a().enable(e.computeScrollContainer?e.computeScrollContainer():e.container.querySelector(".ct-panel-content")),S().focusLockOff(e.container.querySelector(".ct-panel-content").parentNode)}),300)}),{once:!0})),window.removeEventListener("click",e.handleWindowClick,{capture:!0}),e.container.removeEventListener("click",e.handleContainerClick),e.onClose()},P=function(e,t){e&&e.preventDefault&&e.preventDefault(),t=k({onClose:function(){},container:null,focus:!1,clickOutside:!0,isModal:!1,computeScrollContainer:null,closeWhenLinkInside:!1,handleContainerClick:function(e){let n=e.target.closest(".ct-panel-content"),o=[...t.container.querySelectorAll(".ct-panel-content")].indexOf(e.target)>-1;t.isModal&&!o&&n||!t.isModal&&(o||n)||e.target.closest('[class*="select2-container"]')||window.getSelection().toString().length>0||document.body.hasAttribute("data-panel")&&A(t)},handleWindowClick:function(e){t.container.contains(e.target)||e.target===document.body||event.target.closest('[class*="select2-container"]')||document.body.hasAttribute("data-panel")&&A(t)}},t),function(e){e=k({onClose:function(){},container:null,focus:!0},e),[...document.querySelectorAll(`[data-toggle-panel*="${e.container.id}"]`),...document.querySelectorAll(`[href*="${e.container.id}"]`)].map((function(e){e.setAttribute("aria-expanded","true")})),e.focus&&!(0,m.b)()&&setTimeout((function(){e.container.querySelector("input")&&e.container.querySelector("input").focus()}),200),e.container.querySelector(".ct-panel-content")&&e.container.querySelector(".ct-panel-content").addEventListener("click",(function(t){Array.from(e.container.querySelectorAll("select")).map((function(e){return e.selectr&&e.selectr.events.dismiss(t)}))})),e.clickOutside&&e.container.querySelector(".ct-panel-content")&&e.container.addEventListener("click",e.handleContainerClick);const t=function(n){const{keyCode:o,target:r}=n;27===o&&(n.preventDefault(),document.body.hasAttribute("data-panel")&&A(e),document.removeEventListener("keyup",t))};document.addEventListener("keyup",t);let n=e.container&&e.container.querySelector(".ct-toggle-close");n&&(n.addEventListener("click",(function(t){t.preventDefault(),A(e)}),{once:!0}),n.hasEnterListener||(n.hasEnterListener=!0,n.addEventListener("keyup",(function(t){13==t.keyCode&&(t.preventDefault(),A(e))})))),(e.computeScrollContainer||e.container.querySelector(".ct-panel-content"))&&(a().disable(e.computeScrollContainer?e.computeScrollContainer():e.container.querySelector(".ct-panel-content")),setTimeout((function(){S().focusLockOn(e.container.querySelector(".ct-panel-content").parentNode,{focusOnMount:!e.focus})}))),window.addEventListener("click",e.handleWindowClick,{capture:!0}),s().trigger("ct:modal:opened",e.container),[...e.container.querySelectorAll(".ct-toggle-dropdown-mobile")].map((function(e){!function(e){if(e.hasListener)return;e.hasListener=!0;let t=e.previousElementSibling.getAttribute("href");t&&"#"!==t||e.previousElementSibling.addEventListener("click",(function(t){t.preventDefault(),t.stopPropagation(),u(e.closest(".menu-item-has-children, .page_item_has_children"))})),e.addEventListener("click",(function(t){t.preventDefault(),t.stopPropagation(),u(e.closest(".menu-item-has-children, .page_item_has_children"))}))}(e)}))}(t),t.closeWhenLinkInside&&(t.container.hasListener||(t.container.hasListener=!0,t.container.addEventListener("click",(function(e){if(!e.target)return;let n=e.target;e.target.closest("a")&&(n=e.target.closest("a")),n.closest(".ct-panel").classList.contains("active")&&n.matches("a")&&(n.classList.contains("ct-overlay-skip")||(n.closest('nav[data-id*="menu"]')||n.closest('[data-id*="text"]')||n.closest('[data-id*="button"]')||n.matches(".ct-offcanvas-trigger")||n.matches(".ct-header-account")||n.closest(".widget_nav_menu"))&&(A(t,{closeInstant:"#"!==n.getAttribute("href")[0],shouldFocusOriginalTrigger:!1}),setTimeout((function(){(n.matches(".ct-offcanvas-trigger")||n.matches(".ct-header-account"))&&n.click()}),500)))}))))};s().on("ct:offcanvas:force-close",(function(e){return A(e)}));const q=function(e,t){let{event:n,focus:o=!1}=t;P(n,{isModal:!0,container:document.querySelector(e.dataset.togglePanel||e.hash),clickOutside:!0,focus:o})}},891:function(e,t){var n,o;n=function(e){"use strict";function t(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}Object.defineProperty(e,"__esModule",{value:!0});var n=!1;if("undefined"!=typeof window){var o={get passive(){n=!0}};window.addEventListener("testPassive",null,o),window.removeEventListener("testPassive",null,o)}function r(e){return l.some((function(t){return!(!t.options.allowTouchMove||!t.options.allowTouchMove(e))}))}function c(e){var t=e||window.event;return!!r(t.target)||1<t.touches.length||(t.preventDefault&&t.preventDefault(),!1)}function i(){setTimeout((function(){void 0!==f&&(document.body.style.paddingRight=f,f=void 0),void 0!==d&&(document.body.style.overflow=d,d=void 0)}))}var a="undefined"!=typeof window&&window.navigator&&window.navigator.platform&&(/iP(ad|hone|od)/.test(window.navigator.platform)||"MacIntel"===window.navigator.platform&&1<window.navigator.maxTouchPoints),l=[],s=!1,u=-1,d=void 0,f=void 0;e.disableBodyScroll=function(e,o){if(a){if(!e)return void console.error("disableBodyScroll unsuccessful - targetElement must be provided when calling disableBodyScroll on IOS devices.");if(e&&!l.some((function(t){return t.targetElement===e}))){var i={targetElement:e,options:o||{}};l=[].concat(t(l),[i]),e.ontouchstart=function(e){1===e.targetTouches.length&&(u=e.targetTouches[0].clientY)},e.ontouchmove=function(t){var n,o,i,a;1===t.targetTouches.length&&(o=e,a=(n=t).targetTouches[0].clientY-u,r(n.target)||(o&&0===o.scrollTop&&0<a||(i=o)&&i.scrollHeight-i.scrollTop<=i.clientHeight&&a<0?c(n):n.stopPropagation()))},s||(document.addEventListener("touchmove",c,n?{passive:!1}:void 0),s=!0)}}else{v=o,setTimeout((function(){if(void 0===f){var e=!!v&&!0===v.reserveScrollBarGap,t=window.innerWidth-document.documentElement.clientWidth;e&&0<t&&(f=document.body.style.paddingRight,document.body.style.paddingRight=t+"px")}void 0===d&&(d=document.body.style.overflow,document.body.style.overflow="hidden")}));var m={targetElement:e,options:o||{}};l=[].concat(t(l),[m])}var v},e.clearAllBodyScrollLocks=function(){a?(l.forEach((function(e){e.targetElement.ontouchstart=null,e.targetElement.ontouchmove=null})),s&&(document.removeEventListener("touchmove",c,n?{passive:!1}:void 0),s=!1),l=[],u=-1):(i(),l=[])},e.enableBodyScroll=function(e){if(a){if(!e)return void console.error("enableBodyScroll unsuccessful - targetElement must be provided when calling enableBodyScroll on IOS devices.");e.ontouchstart=null,e.ontouchmove=null,l=l.filter((function(t){return t.targetElement!==e})),s&&0===l.length&&(document.removeEventListener("touchmove",c,n?{passive:!1}:void 0),s=!1)}else(l=l.filter((function(t){return t.targetElement!==e}))).length||i()}},void 0===(o=n.apply(t,[t]))||(e.exports=o)}}]);
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/bundle/main.js

Line 2 in fe52f6e

!function(){var e,t,n={139:function(e,t,n){"use strict";n.d(t,{Z:function(){return o}});let r=null;window.IntersectionObserver&&(r=new IntersectionObserver((function(e){return e.filter((function(e){let{isIntersecting:t}=e;return t})).map((function(e){let{target:t}=e;return t})).filter((function(e){return(e.dataset.reveal||"").indexOf("no")>-1})).map((function(e,t){let n=(e.dataset.reveal||"").indexOf("bottom")>-1;e.dataset.reveal=n?`yes:${t+1}`:"yes"}))})));const o=function(e){if(!window.IntersectionObserver)return;let t=e.querySelectorAll('[data-reveal*="no"]');0!==t.length&&t[0].dataset.reveal&&[...t].map((function(e){return r.observe(e)}))}},130:function(e,t,n){"use strict";n.d(t,{C:function(){return l}});var r=n(601),o=n.n(r);let i=null,c=matchMedia("all and (max-width: 689px)"),a=matchMedia("all and (max-width: 999px)");const u=function(){i=c.matches?"mobile":a.matches?"tablet":"desktop",o().trigger("ct:general:device-change",{currentScreen:i})};u(),c.addListener((function(){return u()})),a.addListener((function(){return u()}));const l=function(){let{withTablet:e=!1}=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};return e?i:"tablet"===i?"mobile":i}},846:function(e,t,n){"use strict";n.d(t,{b:function(){return r}});const r=function(){return"ontouchstart"in window||navigator.maxTouchPoints>0||navigator.msMaxTouchPoints>0}},248:function(e,t,n){"use strict";n.d(t,{Cg:function(){return d},XT:function(){return f},Xr:function(){return p}});var r=n(601),o=n.n(r),i=n(846);const c=["mount","el"];function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function u(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?a(Object(n),!0).forEach((function(t){l(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):a(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const s=function(e){let{els:t,events:n,forcedEvents:r,load:o,mount:a,condition:l,trigger:s}=e;t||(t=[]),n||(n=[]),r||(r=[]),s||(s=[]),a||(a=function(e){let{mount:t,el:n}=e,r=function(e,t){if(null==e)return{};var n,r,o=function(e,t){if(null==e)return{};var n,r,o={},i=Object.keys(e);for(r=0;r<i.length;r++)n=i[r],t.indexOf(n)>=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r<i.length;r++)n=i[r],t.indexOf(n)>=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}(e,c);return n?t(n,r):t()}),t&&"[object Function]"==={}.toString.call(t)&&(t=t());const d=(Array.isArray(t)?t:[t]).reduce((function(e,t){return[...e,...Array.isArray(t)?t:"string"==typeof t?document.querySelectorAll(t):[t]]}),[]);0!==d.length&&(l&&!l({els:t,allEls:d})||(s.length>0?(s.includes("click")&&d.map((function(e){e.hasLazyLoadClickListener||(e.hasLazyLoadClickListener=!0,e.addEventListener("click",(function(t){t.preventDefault(),o().then((function(n){return a(u(u({},n),{},{event:t,el:e}))}))})))})),s.includes("scroll")&&d.map((function(e){e.hasLazyLoadScrollListener||(e.hasLazyLoadScrollListener=!0,setTimeout((function(){let t=scrollY,n=function(r){if(Math.abs(scrollY-t)>30)return document.removeEventListener("scroll",n),void o().then((function(t){return a(u(u({},t),{},{event:r,el:e}))}))};document.addEventListener("scroll",n)}),500))})),s.includes("input")&&d.map((function(e){e.hasLazyLoadInputListener||(e.hasLazyLoadInputListener=!0,e.addEventListener("input",(function(t){return o().then((function(t){return a(u(u({},t),{},{el:e}))}))}),{once:!0}))})),s.includes("hover-with-touch")&&d.map((function(e){e.hasLazyLoadMouseOverListener||(e.dataset.autoplay&&parseFloat(e.dataset.autoplay)?setTimeout((function(){o().then((function(t){return a(u(u({},t),{},{el:e}))}))}),1e3*parseFloat(e.dataset.autoplay)):(e.hasLazyLoadMouseOverListener=!0,e.forcedMount=function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};return o().then((function(n){return a(u(u({},n),{},{el:e},t))}))},["mouseover",...(0,i.b)()?["touchstart"]:[]].map((function(t){e.addEventListener(t,(function(t){o().then((function(n){return a(u(u(u({},n),"touchstart"===t.type?{event:t}:{}),{},{el:e}))}))}),{once:!0,passive:!0})}))))})),s.includes("hover-with-click")&&d.map((function(e){e.hasLazyLoadClickHoverListener||(e.hasLazyLoadClickHoverListener=!0,e.addEventListener((0,i.b)()?"click":"mouseover",(function(t){t.preventDefault(),o().then((function(n){return a(u(u({},n),{},{event:t,el:e}))}))}),{once:!0}))})),s.includes("hover")&&d.map((function(e){e.hasLazyLoadMouseOverListener||(e.hasLazyLoadHoverListener=!0,e.addEventListener("mouseover",(function(t){o().then((function(n){return a(u(u({},n),{},{event:t,el:e}))}))}),{once:!0}))})),s.includes("submit")&&d.map((function(e){e.hasLazyLoadSubmitListener||(e.hasLazyLoadSubmitListener=!0,e.addEventListener("submit",(function(t){t.preventDefault(),o().then((function(n){return a(u(u({},n),{},{event:t,el:e}))}))})))}))):o().then((function(e){d.map((function(t){a(u(u({},e),{},{el:t}))}))}))))},d=function(e){/comp|inter|loaded/.test(document.readyState)?e():document.addEventListener("DOMContentLoaded",e,!1)},f=function(e,t){const{immediate:n=!1,skipEvents:r=!1}=t||{};r||[...new Set(e.reduce((function(e,t){return[...e,...t.events||[],...t.forcedEvents||[]]}),[]))].map((function(t){o().on(t,(function(){e.filter((function(e){let{events:n=[]}=e;return n.indexOf(t)>-1})).map((function(e){return s(u(u({},e),{},{trigger:[]}))})),e.filter((function(e){let{forcedEvents:n=[]}=e;return n.indexOf(t)>-1})).map((function(e){return s(u(u(u({},e),e.forcedEventsElsSkip?{}:{els:["body"]}),{},{condition:function(){return!0},trigger:[]}))}))}))}));const i=function(){e.filter((function(e){let{onLoad:t=!0}=e;return"[object Function]"==={}.toString.call(t)?t():!!t})).map(s)};n?i():d(i)};const p=function(e){return new Promise((function(t,n){document.querySelector(`[href="${e}"]`)?t():requestAnimationFrame((function(){!function(e,t){var n;function r(){!n&&t&&(n=!0,t.call(e))}e.addEventListener&&e.addEventListener("load",r),e.attachEvent&&e.attachEvent("onload",r),"isApplicationInstalled"in navigator&&"onloadcssdefined"in e&&e.onloadcssdefined(r)}(function(e,t,n,r){var o=document,i=o.createElement("link");if(t);else{var c=(o.body||o.getElementsByTagName("head")[0]).childNodes;c[c.length-1]}var a=o.styleSheets;i.rel="stylesheet",i.href=e,document.body.appendChild(i);var u=function(e){for(var t=i.href,n=a.length;n--;)if(a[n].href===t)return e();setTimeout((function(){u(e)}))};function l(){i.addEventListener&&i.removeEventListener("load",l)}return i.addEventListener&&i.addEventListener("load",l),i.onloadcssdefined=u,u(l),i}(e),(function(){requestAnimationFrame((function(){t()}))}))}))}))}},577:function(e,t,n){"use strict";function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?r(Object(n),!0).forEach((function(t){i(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):r(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function i(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}n.r(t),n.d(t,{allFrontendEntryPoints:function(){return V},areWeDealingWithSafari:function(){return Y},getCurrentScreen:function(){return m.C},handleEntryPoints:function(){return p.XT},loadStyle:function(){return p.Xr},onDocumentLoaded:function(){return p.Cg},registerDynamicChunk:function(){return E}}),n(989);const c=function(e,t){return"string"!=typeof e?e:e.replace(/\s\s+/g," ").trim().split(" ").reduce((function(e,n){return o(o({},e),{},{[n]:t})}),{})},a=new class{constructor(){i(this,"_events",{})}on(e,t){var n=this;const r=c(e,t);return Object.keys(r).map((function(e){return n._events=o(o({},n._events),{},{[e]:[...n._events[e]||[],r[e]]})})),this}off(e,t){var n=this;const r=c(e,t);return Object.keys(r).map((function(e){n._events[e]&&(r[e]?n._events[e].splice(n._events[e].indexOf(t)>>>0,1):n._events[e]=[])})),this}trigger(e,t){var n=this;const r=c(e),o=function(e){return e&&e.call(window,t)};return Object.keys(r).map((function(e){try{(n._events[e]||[]).map(o),(n._events.all||[]).map(o)}catch(e){if(console.log("%c [Events] Exception raised.","color: red; font-weight: bold;"),"undefined"==typeof console)throw e;console.error(e)}})),this}};window.ctEvents=a;var u=n(601),l=n.n(u),s=n(194),d=n.n(s),f=n(139),p=n(248),m=n(130),h=n(277),b=n.n(h);function g(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function y(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const v=function(e,t){t=function(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?g(Object(n),!0).forEach((function(t){y(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):g(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}({container:null,openStrategy:"full"},t),document.body.hasAttribute("data-panel")&&"skip"!==t.openStrategy||("skip"!==t.openStrategy&&(t.container&&t.container.classList.add("active"),document.body.dataset.panel="in"+(t.container.dataset.behaviour.indexOf("left")>-1?":left":t.container.dataset.behaviour.indexOf("right")>-1?":right":"")),"full"!==t.openStrategy&&"skip"!==t.openStrategy||n.e(38).then(n.bind(n,38)).then((function(n){let{handleClick:r}=n;r(e,t)})))},O=function(e,t){let{event:n,focus:r=!1}=t;v(n,{isModal:!0,container:document.querySelector(e.dataset.togglePanel||e.hash),clickOutside:!0,focus:r})};function w(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function j(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?w(Object(n),!0).forEach((function(t){k(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):w(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function k(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}let L={},P=null;const S=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:null;const r=function(){n?L[e.id].mount(n,t):[...document.querySelectorAll(e.selector)].map((function(n){L[e.id].mount(n,t)}))};if(L[e.id])r();else if(e.global_data&&e.global_data.map((function(e){e.var&&e.data&&(window[e.var]=e.data)})),e.deps){const t=e.deps.filter((function(t){return!document.querySelector(`script[src*="${e.deps_data[t]}"]`)}));t.map((function(t){return e.deps_data[t]})),[...t,"root"].map((function(t){return function(){return new Promise((function(n){"root"!==t?b()([e.deps_data[t]],(function(){n()})):b()([e.url],(function(){n(),r()}))}))}})).reduce((function(e,t){return e.then((function(e){return t()}))}),Promise.resolve())}else b()(e.url,r)},_=function(){window.requestIdleCallback,ct_localizations.dynamic_js_chunks.map((function(e){e.id&&document.querySelector(e.selector)&&(e.trigger?("click"===e.trigger&&[...document.querySelectorAll(e.selector)].map((function(t){if(t.hasLazyLoadClickListener)return;t.hasLazyLoadClickListener=!0;const n=function(n){if(!(e.ignore_click&&n.target.matches(e.ignore_click)||(n.preventDefault(),t.closest(".ct-panel.active")&&t.matches('.ct-header-account[href*="account-modal"]'))))if(e.has_modal_loader){const r=function(){let r=!0;if(e.has_modal_loader&&e.has_modal_loader.skip_if_no_template&&!document.querySelector(`#${e.has_modal_loader.id}`)&&!L[e.id]&&(r=!1),r){const t=`\n <div data-behaviour="modal" class="ct-panel ${e.has_modal_loader.class?e.has_modal_loader.class:""}" ${e.has_modal_loader.id?`id="${e.has_modal_loader.id}"`:""}>\n <span data-loader="circles">\n <span></span>\n <span></span>\n <span></span>\n </span>\n </div>\n `,r=document.createElement("div");r.innerHTML=t;let o=r.firstElementChild;document.querySelector(".ct-drawer-canvas").appendChild(r.firstElementChild),v(n,{openStrategy:"fast",container:o})}S(e,{event:n},t)};if(document.body.dataset.panel){let e=document.querySelector(".ct-panel.active");if(e){let t=document.querySelector(`[data-toggle-panel="#${e.id}"]`)||document.querySelector(`[href="#${e.id}"]`);if(t)return t.click(),void setTimeout((function(){r()}),500)}}else r()}else S(e,{event:n},t)};t.dynamicJsChunkStop=function(){t.removeEventListener("click",n)},t.addEventListener("click",n)})),"submit"===e.trigger&&[...document.querySelectorAll(e.selector)].map((function(t){t.hasLazyLoadSubmitListener||(t.hasLazyLoadSubmitListener=!0,t.addEventListener("submit",(function(n){n.preventDefault(),S(e,{event:n},t)})))})),"hover"===e.trigger&&[...document.querySelectorAll(e.selector)].map((function(t){t.hasLazyLoadHoverListener||(t.hasLazyLoadHoverListener=!0,t.addEventListener("mouseover",(function(n){n.preventDefault(),S(e,{event:n},t)})))})),"intersection-observer"===e.trigger&&function(e){window.IntersectionObserver&&(P||(P=new IntersectionObserver((function(e){e.map((function(e){let{boundingClientRect:t,target:n,isIntersecting:r}=e;const o=n.__chunk__;if(!r&&t.y>0)return;let i="target-before-bottom";!r&&t.y<0&&(i="target-after-bottom"),("target-before-bottom"!==i||L[o.id])&&S(o,{state:i,target:n},o.el)}))}))),[...document.querySelectorAll(e.selector)].map((function(t){if(t.ioObserving)return;t.ioObserving=!0;const n=document.querySelector(e.target);n&&(n.__chunk__=j(j({},e),{},{el:t}),P.observe(n))})))}(e),"scroll"===e.trigger&&setTimeout((function(){let t=scrollY,n=function(r){if(Math.abs(scrollY-t)>30)return document.removeEventListener("scroll",n),void S(e)};document.addEventListener("scroll",n,{passive:!0})}),500)):S(e))}))},E=function(e,t){L[e]||(L[e]=t)};let q=null,C=null;const x=function(){q&&window.innerWidth===q||(q=window.innerWidth,l().trigger("ct:header:render-frame")),null!==C&&window.scrollY===C||(C=window.scrollY,l().trigger("ct:scroll:render-frame")),requestAnimationFrame(x)};function D(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function A(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?D(Object(n),!0).forEach((function(t){T(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):D(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function T(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const M=function(){return n.e(142).then(n.bind(n,142))},z=[{els:function(){return['header [data-device="desktop"] [data-id*="menu"] > .menu']},condition:function(){return"desktop"===(0,m.C)()},load:M,onLoad:!1,mount:function(e){let{el:t,mountMenuLevel:n}=e;return n(t,{startPosition:"left"})},events:["ct:general:device-change","ct:header:init-popper"]},{els:function(){return['header [data-device="desktop"] [data-id*="menu"] > .menu .menu-item-has-children','header [data-device="desktop"] [data-id*="menu"] > .menu .page_item_has_children']},load:M,mount:function(e){let{handleUpdate:t,el:n}=e;return t(n)},onLoad:!1,events:["ct:general:device-change","ct:header:init-popper"],condition:function(e){let{allEls:t}=e;return"desktop"===(0,m.C)()}},{els:function(){return[...document.querySelectorAll('header [data-device="desktop"] [data-id^="menu"][data-responsive]')]},load:function(){return n.e(68).then(n.bind(n,68))},events:["ct:general:device-change","ct:header:render-frame"],condition:function(){return"desktop"===(0,m.C)()&&[...document.querySelectorAll('header [data-device="desktop"] [data-id^="menu"][data-responsive]')].map((function(e){if(window.blocksyResponsiveMenuCache&&window.blocksyResponsiveMenuCache[e.id]&&window.blocksyResponsiveMenuCache[e.id].enabled)return window.blocksyResponsiveMenuCache[e.id].enabled;if(!e.firstElementChild)return window.blocksyResponsiveMenuCache||(window.blocksyResponsiveMenuCache={}),window.blocksyResponsiveMenuCache=A(A({},window.blocksyResponsiveMenuCache),{},{[e.id]:{enabled:!1}}),!1;let t=e.closest('[class*="ct-container"]'),n=t.getBoundingClientRect().width-[...t.querySelectorAll('[data-id]:not([data-id*="menu"])')].reduce((function(e,t){let n=window.getComputedStyle(t);return e+t.getBoundingClientRect().width+parseInt(n.getPropertyValue("margin-left"))+parseInt(n.getPropertyValue("margin-right"))}),0)<[...t.querySelectorAll('[data-id*="menu"] > * > *')].reduce((function(e,t){let n=window.getComputedStyle(t.closest('[data-id*="menu"]'));return e+t.getBoundingClientRect().width+parseInt(n.getPropertyValue("margin-left"))+parseInt(n.getPropertyValue("margin-right"))}),0);if(!n){let t=e.dataset.responsive;e.dataset.responsive="yes","no"===t&&l().trigger("ct:header:init-popper")}return window.blocksyResponsiveMenuCache||(window.blocksyResponsiveMenuCache={}),window.blocksyResponsiveMenuCache=A(A({},window.blocksyResponsiveMenuCache),{},{[e.id]:{enabled:n}}),n})).filter((function(e){return!!e})).length>0}},{els:function(){return'header [data-device="desktop"] [data-id^="menu"]:not([data-responsive])'},load:function(){return new Promise((function(e){return e({mount:function(e){l().trigger("ct:header:init-popper")}})}))}}],I=[{els:function(){return[[...document.querySelectorAll(".search-form[data-live-results]")].filter((function(e){return!e.matches('[id="search-modal"] .search-form[data-live-results]')&&!e.matches(".ct-sidebar .ct-widget .woocommerce-product-search")}))]},load:function(){return n.e(897).then(n.bind(n,897))},mount:function(e){let{mount:t,el:n}=e;return t(n,{})},trigger:["input"]},{els:".ct-sidebar .ct-widget .search-form:not(.woocommerce-product-search)[data-live-results]",load:function(){return n.e(897).then(n.bind(n,897))},trigger:["input"]},{els:".ct-sidebar .ct-widget .woocommerce-product-search",load:function(){return n.e(897).then(n.bind(n,897))},mount:function(e){let{mount:t,el:n}=e;return t(n,{})},trigger:["input"]},{els:'[id="search-modal"] .search-form[data-live-results]',load:function(){return n.e(897).then(n.bind(n,897))},mount:function(e){let{mount:t,el:n}=e;return t(n,{mode:"modal",perPage:6})},trigger:["input"]}];function R(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function F(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const $=[{els:"body.single-product .woocommerce-product-gallery",condition:function(){return!!document.querySelector(".woocommerce-product-gallery .ct-image-container")},load:function(){return n.e(321).then(n.bind(n,321))},trigger:["hover-with-click"]},function(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?R(Object(n),!0).forEach((function(t){F(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):R(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}({els:"form.variations_form",condition:function(){return!!document.querySelector(".woocommerce-product-gallery .ct-image-container")},load:function(){return n.e(765).then(n.bind(n,765))}},function(){try{return document.createEvent("TouchEvent"),!0}catch(e){return!1}}()?{}:{trigger:["hover"]}),{els:".quantity > *",load:function(){return n.e(316).then(n.bind(n,316))},trigger:["click"]},{els:function(){return[...document.querySelectorAll(".ct-ajax-add-to-cart .cart"),...document.querySelectorAll(".ct-floating-bar .cart")]},load:function(){return n.e(798).then(n.bind(n,798))},trigger:["submit"]},{els:".ct-header-cart, .ajax_add_to_cart",load:function(){return n.e(36).then(n.bind(n,36))},events:["ct:header:update"],trigger:["hover-with-touch"]}],B=function(){setTimeout((function(){let e=document.querySelector('.ct-shortcuts-container [data-shortcut="cart"]');if(e&&!e.hasClickListener){e.hasClickListener=!0;const t=function(e){let t=document.querySelector(".ct-header-cart .ct-offcanvas-trigger");t&&(e.preventDefault(),t.dispatchEvent(new MouseEvent(e.type,{view:window,bubbles:!0,cancelable:!0})))};e.addEventListener("mouseover",t),e.addEventListener("click",t)}[...document.querySelectorAll("#woo-cart-panel .qty")].map((function(e){e.hasChangeListener||(e.hasChangeListener=!0,d()(e).on("change",(function(t){var n=d()(e).attr("name").replace(/cart\[([\w]+)\]\[qty\]/g,"$1"),r=d()(e).val(),o=parseFloat(r);d().ajax({type:"POST",url:ct_localizations.ajax_url,data:{action:"blocksy_update_qty_cart",hash:n,quantity:o},success:function(e){jQuery("body").trigger("updated_wc_div"),l().trigger("ct:header:update")}})})))}))}),100)};(0,p.Cg)(B),l().on("blocksy:frontend:init",B);const N=["mount","el"];function W(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function X(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?W(Object(n),!0).forEach((function(t){H(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):W(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function H(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}document.addEventListener("click",(function(e){return 0}));const Y=/apple/i.test(navigator.vendor),V=[...z,...I,...$,{els:"[data-parallax]",load:function(){return n.e(735).then(n.bind(n,735))},events:["blocksy:parallax:init"]},{els:'.flexy-container[data-flexy*="no"]',load:function(){return n.e(167).then(n.bind(n,167))},events:["ct:flexy:update"],trigger:["hover-with-touch"]},{els:'.ct-share-box [data-network="pinterest"]',load:function(){return n.e(150).then(n.bind(n,150))},trigger:["click"]},{els:'.ct-share-box [data-network]:not([data-network="pinterest"]):not([data-network="email"])',load:function(){return n.e(150).then(n.bind(n,150))},trigger:["click"],condition:function(){return!/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)}},{els:[...document.querySelector(".ct-header-cart > .ct-cart-content")?[".ct-header-cart > .ct-cart-item"]:[],".ct-language-switcher > .ct-active-language"],load:function(){return n.e(559).then(n.bind(n,559))},trigger:["hover"],events:["ct:popper-elements:update"]},{els:'.ct-back-to-top, .ct-shortcuts-container [data-shortcut*="scroll_top"]',load:function(){return n.e(466).then(n.bind(n,466))},events:["ct:back-to-top:mount"],trigger:["scroll"]},{els:'.ct-pagination:not([data-pagination="simple"])',load:function(){return n.e(308).then(n.bind(n,308))},trigger:["scroll"]},{els:[".entries[data-layout]","[data-products].products"],load:function(){return new Promise((function(e){return e({mount:f.Z})}))}},{els:[".ct-modal-action"],load:function(){return new Promise((function(e){return e({mount:O})}))},events:["ct:header:update"],trigger:["click"]},{els:[".ct-header-search"],load:function(){return new Promise((function(e){return e({mount:O})}))},mount:function(e){let{mount:t,el:n}=e;t(n,X(X({},function(e,t){if(null==e)return{};var n,r,o=function(e,t){if(null==e)return{};var n,r,o={},i=Object.keys(e);for(r=0;r<i.length;r++)n=i[r],t.indexOf(n)>=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r<i.length;r++)n=i[r],t.indexOf(n)>=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}(e,N)),{},{focus:!0}))},events:[],trigger:["click"]}];(0,p.XT)(V,{immediate:/comp|inter|loaded/.test(document.readyState)});const J=function(){[...document.querySelectorAll(".ct-header-trigger"),...document.querySelectorAll(".ct-offcanvas-trigger")].map((function(e){e&&!e.hasListener&&(e.hasListener=!0,e.addEventListener("click",(function(t){if(t.preventDefault(),!e.dataset.togglePanel&&!e.hash)return;let n=document.querySelector(e.dataset.togglePanel||e.hash);n&&v(t,{container:n,closeWhenLinkInside:!e.closest(".ct-header-cart"),computeScrollContainer:function(){return n.querySelector(".cart_list")&&!n.querySelector('[data-id="cart"] .cart_list')?n.querySelector(".cart_list"):"mobile"===(0,m.C)()&&n.querySelector('[data-device="mobile"]')?n.querySelector('[data-device="mobile"]'):n.querySelector(".ct-panel-content")}})})))}))},Q=function(){[...document.querySelectorAll('aside[data-type="type-4"]')].map((function(e){let t=window.innerWidth-document.documentElement.clientWidth;t>0&&e.style.setProperty("--scrollbar-width",`${t}px`),e.style.setProperty("--has-scrollbar",1)}))};(0,p.Cg)((function(){document.body.addEventListener("mouseover",(function(){(0,p.Xr)(ct_localizations.dynamic_styles.lazy_load)}),{once:!0,passive:!0});let e=[...document.querySelectorAll('.comment-form [class*="comment-form-field"]')].reduce((function(e,t){return[...e,t.querySelector("input,textarea")]}),[]).filter((function(e){return"hidden"!==e.type&&"checkbox"!==e.type}));const t=function(){e.map((function(e){e.parentNode.classList.remove("ct-not-empty"),e.value&&e.value.trim().length>0&&e.parentNode.classList.add("ct-not-empty")}))};setTimeout((function(){t()})),e.map((function(e){return e.addEventListener("input",t)})),_(),Q(),setTimeout((function(){return document.body.classList.remove("ct-loading")}),1500),setTimeout((function(){J()})),requestAnimationFrame(x),window.elementorFrontend&&setTimeout((function(){elementorFrontend.elements.$document.off("click",elementorFrontend.utils.anchors.getSettings("selectors.links"),elementorFrontend.utils.anchors.handleAnchorLinks)}),1e3)})),d()&&(d()(document.body).on("wc_fragments_refreshed",(function(){l().trigger("blocksy:frontend:init")})),d()(".composite_data").on("wc-composite-initializing",(function(e,t){t.actions.add_action("component_selection_changed",(function(){setTimeout((function(){l().trigger("blocksy:frontend:init")}),1e3)}))})),d()(document.body).on("wc_fragments_loaded",(function(){l().trigger("blocksy:frontend:init")})),d()(document).on("jet-filter-content-rendered",(function(){l().trigger("blocksy:frontend:init")})),d()(document).on("yith_infs_added_elem",(function(){l().trigger("blocksy:frontend:init")})),jQuery(document).on("yith-wcan-ajax-filtered",(function(){l().trigger("blocksy:frontend:init")})),d()(document).on("berocket_ajax_filtering_end",(function(){setTimeout((function(){l().trigger("blocksy:frontend:init")}),100)})),d()(document).on("preload",(function(){l().trigger("blocksy:frontend:init")})),document.addEventListener("wpfAjaxSuccess",(function(e){l().trigger("blocksy:frontend:init")})),document.addEventListener("facetwp-loaded",(function(){l().trigger("blocksy:frontend:init")})),d()(document).on("sf:ajaxfinish",(function(){l().trigger("blocksy:frontend:init")})),d()(document).on("ddwcpoRenderVariation",(function(){setTimeout((function(){l().trigger("blocksy:frontend:init")}))}))),l().on("blocksy:frontend:init",(function(){(0,p.XT)(V,{immediate:!0,skipEvents:!0}),_(),Q(),J()})),l().on("ct:overlay:handle-click",(function(e){let{e:t,href:n,container:r,options:o={}}=e;v(t,X(X(X({},n?{container:document.querySelector(n)}:{}),r?{container:r}:{}),o))}))},989:function(e,t,n){n.p=ct_localizations.public_url},277:function(e,t,n){var r,o,i;i=function(){var e,t,n=document,r=n.getElementsByTagName("head")[0],o={},i={},c={},a={};function u(e,t){for(var n=0,r=e.length;n<r;++n)if(!t(e[n]))return!1;return 1}function l(e,t){u(e,(function(e){return t(e),1}))}function s(t,n,r){t=t.push?t:[t];var f=n&&n.call,p=f?n:r,m=f?t.join(""):n,h=t.length;function b(e){return e.call?e():o[e]}function g(){if(!--h)for(var e in o[m]=1,p&&p(),c)u(e.split("|"),b)&&!l(c[e],b)&&(c[e]=[])}return setTimeout((function(){l(t,(function t(n,r){return null===n?g():(r||/^https?:\/\//.test(n)||!e||(n=-1===n.indexOf(".js")?e+n+".js":e+n),a[n]?(m&&(i[m]=1),2==a[n]?g():setTimeout((function(){t(n,!0)}),0)):(a[n]=1,m&&(i[m]=1),void d(n,g)))}))}),0),s}function d(e,o){var i,c=n.createElement("script");c.onload=c.onerror=c.onreadystatechange=function(){c.readyState&&!/^c|loade/.test(c.readyState)||i||(c.onload=c.onreadystatechange=null,i=1,a[e]=2,o())},c.async=1,c.src=t?e+(-1===e.indexOf("?")?"?":"&")+t:e,r.insertBefore(c,r.lastChild)}return s.get=d,s.order=function(e,t,n){!function r(o){o=e.shift(),e.length?s(o,r):s(o,t,n)}()},s.path=function(t){e=t},s.urlArgs=function(e){t=e},s.ready=function(e,t,n){e=e.push?e:[e];var r,i=[];return!l(e,(function(e){o[e]||i.push(e)}))&&u(e,(function(e){return o[e]}))?t():(r=e.join("|"),c[r]=c[r]||[],c[r].push(t),n&&n(i)),s},s.done=function(e){s([null],e)},s},e.exports?e.exports=i():void 0===(o="function"==typeof(r=i)?r.call(t,n,t,e):r)||(e.exports=o)},601:function(e){"use strict";e.exports=globalThis.ctEvents},194:function(e){"use strict";e.exports=globalThis.jQuery}},r={};function o(e){var t=r[e];if(void 0!==t)return t.exports;var i=r[e]={exports:{}};return n[e].call(i.exports,i,i.exports,o),i.exports}o.m=n,o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,{a:t}),t},o.d=function(e,t){for(var n in t)o.o(t,n)&&!o.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},o.f={},o.e=function(e){return Promise.all(Object.keys(o.f).reduce((function(t,n){return o.f[n](e,t),t}),[]))},o.u=function(e){return e+"."+{36:"870e0c3aa08c92b9f4dc",38:"4d46d7a7deb5d9fd6412",68:"7f9294cda3de1927f0d7",142:"52ae544efaeaa302199b",150:"6e2fbda9e46814ea337b",167:"fd81135b71bdeae94258",308:"b59318afcbb9e19a1fa6",316:"e7d5b4adf00c6c10ca1b",321:"3a60ac255380431c2284",466:"41c76717f9171eac501f",559:"39474f63a11d5a5cdb25",735:"95ccfca9efbfca5f5f36",765:"694879b65c19d2cb6af4",798:"322ad047019e8ef7584e",897:"1c70e639f6e3fff21697"}[e]+".js"},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},e={},t="ctFrontend:",o.l=function(n,r,i,c){if(e[n])e[n].push(r);else{var a,u;if(void 0!==i)for(var l=document.getElementsByTagName("script"),s=0;s<l.length;s++){var d=l[s];if(d.getAttribute("src")==n||d.getAttribute("data-webpack")==t+i){a=d;break}}a||(u=!0,(a=document.createElement("script")).charset="utf-8",a.timeout=120,o.nc&&a.setAttribute("nonce",o.nc),a.setAttribute("data-webpack",t+i),a.src=n),e[n]=[r];var f=function(t,r){a.onerror=a.onload=null,clearTimeout(p);var o=e[n];if(delete e[n],a.parentNode&&a.parentNode.removeChild(a),o&&o.forEach((function(e){return e(r)})),t)return t(r)},p=setTimeout(f.bind(null,void 0,{type:"timeout",target:a}),12e4);a.onerror=f.bind(null,a.onerror),a.onload=f.bind(null,a.onload),u&&document.head.appendChild(a)}},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.p="",function(){var e={179:0};o.f.j=function(t,n){var r=o.o(e,t)?e[t]:void 0;if(0!==r)if(r)n.push(r[2]);else{var i=new Promise((function(n,o){r=e[t]=[n,o]}));n.push(r[2]=i);var c=o.p+o.u(t),a=new Error;o.l(c,(function(n){if(o.o(e,t)&&(0!==(r=e[t])&&(e[t]=void 0),r)){var i=n&&("load"===n.type?"missing":n.type),c=n&&n.target&&n.target.src;a.message="Loading chunk "+t+" failed.\n("+i+": "+c+")",a.name="ChunkLoadError",a.type=i,a.request=c,r[1](a)}}),"chunk-"+t,t)}};var t=function(t,n){var r,i,[c,a,u]=n,l=0;if(c.some((function(t){return 0!==e[t]}))){for(r in a)o.o(a,r)&&(o.m[r]=a[r]);u&&u(o)}for(t&&t(n);l<c.length;l++)i=c[l],o.o(e,i)&&e[i]&&e[i][0](),e[i]=0},n=globalThis.blocksyJsonP=globalThis.blocksyJsonP||[];n.forEach(t.bind(null,0)),n.push=t.bind(null,n.push.bind(n))}();var i=o(577);globalThis.ctFrontend=i}();
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/customizer/controls.js

Line 61 in fe52f6e

document.querySelector('.ct-onboarding-button')
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/customizer/options/widget-area/LegacyWidgetArea.js

Line 125 in fe52f6e

widgetContainer
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/customizer/sync/woocommerce/archive-product.js

Line 53 in fe52f6e

el.classList.remove('ct-disable-transitions')
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/dynamic-chunks.js

Line 310 in fe52f6e

document.addEventListener('scroll', cb, { passive: true })
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/editor/sync.js

Line 95 in fe52f6e

document.body.classList.add('ct-theme-editor-styles')
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/header/menu.js

Line 315 in fe52f6e

closeSubmenu(e)
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/layouts/infinite-scroll.js

Line 57 in fe52f6e

'wc_price_based_country_ajax_geolocation'
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/lazy/overlay.js

Line 203 in fe52f6e

.parentNode
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/woocommerce/main.js

Line 120 in fe52f6e

ctEvents.trigger('ct:header:update')
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/woocommerce/mini-cart.js

Line 49 in fe52f6e

📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/frontend/woocommerce/single-product-gallery.js

Line 99 in fe52f6e

].map((el) => el.remove())
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/helpers.js

Line 103 in fe52f6e

document.addEventListener('scroll', cb)
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/main.js

Line 236 in fe52f6e

setTimeout(() => document.body.classList.remove('ct-loading'), 1500)
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/options/options/ct-select.js

Line 255 in fe52f6e

itemTop - popoverTop
📚
Medium Title: Dynamic evaluation of untrusted input (Frontend)

WordPress/wp-content/themes/blocksy/static/js/options.js

Line 20 in fe52f6e

initAllWooVariations()
📚

More info on how to fix Insecure Use of Dangerous Function in PHP and JavaScript.

Vulnerable Libraries (19)
Severity Details
Critical pkg:npm/wpsec@2.0.0 upgrade to: > 2.0.0
Critical pkg:npm/wpcheck@1.2.0 upgrade to: > 1.2.0
High pkg:gem/wpscan@3.8.7 upgrade to: > 3.8.7
High pkg:pypi/certifi@2019.3.9 upgrade to: 2022.12.07
Medium pkg:pypi/requests@2.21.0 upgrade to: 2.31.0
Medium pkg:pypi/urllib3@1.24.2 upgrade to: 2.0.7,1.26.18
High pkg:pypi/certifi@2019.3.9 upgrade to: 2022.12.07
Medium pkg:pypi/requests@2.21.0 upgrade to: 2.31.0
Medium pkg:pypi/urllib3@1.24.2 upgrade to: 2.0.7,1.26.18
Medium pkg:composer/enshrined/svg-sanitize@0.15.4 upgrade to: 0.16.0
High chart.js@2.7.2 upgrade to: >2.9.4
High moment.js@2.22.2 upgrade to: >2.29.4
High moment.js@2.22.2 upgrade to: >2.29.4
Medium select2@4.0.6-rc.1 upgrade to: >4.0.6
Medium select2@4.0.6-rc.1 upgrade to: >4.0.6
Medium select2@4.0.3 upgrade to: >4.0.6
Medium select2@4.0.3 upgrade to: >4.0.6
Medium select2@4.0.3 upgrade to: >4.0.6
Medium select2@4.0.3 upgrade to: >4.0.6

More info on how to fix Vulnerable Libraries in JavaScript, Ruby, Python and PHP.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

@pwtyler
Copy link
Member

pwtyler commented Dec 21, 2023

I expect this was not opened against the correct remote <3

@pwtyler pwtyler closed this Dec 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jamesrutherford @pwtyler @kyletaylored