Back to Codebase

Vulnerability Analysis Report

Magento Luma Default Theme v2.2.0-RC1.3

Scan ID: SCAN-MAGENTO-LUMA-cLunHZ • Hash: 3cfc6b2b

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.111s

Vulnerability Details

L42

Dynamic Code Execution in AssertOrderInOrdersGrid.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Sales/Test/Constraint/AssertOrderInOrdersGrid.php:42
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert(OrderInjectable $order, OrderIndex $orderIndex, $status, $orderId = '')
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L19

Dynamic Code Execution in AssertCartPriceRuleConditionIsApplied.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/SalesRule/Test/Constraint/AssertCartPriceRuleConditionIsApplied.php:19
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- protected function assert()
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L21

Dynamic Code Execution in AssertCartPriceRuleFreeShippingIsApplied.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/SalesRule/Test/Constraint/AssertCartPriceRuleFreeShippingIsApplied.php:21
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- protected function assert()
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L59

Dynamic Code Execution in AssertShipmentItems.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Shipping/Test/Constraint/AssertShipmentItems.php:59
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($order, $ids, $orderShipmentView, $data);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L84

Dynamic Code Execution in AbstractAssertTaxWithCrossBorderApplying.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Tax/Test/Constraint/AbstractAssertTaxWithCrossBorderApplying.php:84
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($actualPrices);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in AssertTaxRuleApplying.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Tax/Test/Constraint/AssertTaxRuleApplying.php:71
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- abstract protected function assert();
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L19

Dynamic Code Execution in AssertTaxRuleIsNotApplied.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Tax/Test/Constraint/AssertTaxRuleIsNotApplied.php:19
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- protected function assert()
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L21

Dynamic Code Execution in AssertTaxWithCrossBorderNotApplied.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Tax/Test/Constraint/AssertTaxWithCrossBorderNotApplied.php:21
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert($actualPrices)
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L472

Dynamic Code Execution in Filesystem.php

CWE-94
File Location: lib/internal/Magento/Framework/Data/Collection/Filesystem.php:472
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('$result = ' . $this->_filterEvalRendered . ';');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L55

Dynamic Code Execution in BundleProductsAssert.php

CWE-94
File Location: dev/tests/integration/testsuite/Magento/Setup/Fixtures/FixturesAsserts/BundleProductsAssert.php:55
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert()
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L30

Dynamic Code Execution in AssertOrderInOrdersGrid.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Sales/Test/Constraint/AssertOrderInOrdersGrid.php:30
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($order, $orderIndex, $status, $orderId);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L141

Dynamic Code Execution in MassActionTest.php

CWE-94
File Location: dev/tests/integration/testsuite/Magento/Backend/Controller/Adminhtml/Cache/MassActionTest.php:141
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $configData = eval(str_replace('<?php', '', file_get_contents($configPath)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L50

Dynamic Code Execution in SimpleProductsAssert.php

CWE-94
File Location: dev/tests/integration/testsuite/Magento/Setup/Fixtures/FixturesAsserts/SimpleProductsAssert.php:50
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert()
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in AssertOrdersInOrdersGrid.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Sales/Test/Constraint/AssertOrdersInOrdersGrid.php:36
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assertOrderInOrdersGrid->assert($order, $orderIndex, $orderStatuses[$key]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in AssertCartPriceRuleApplying.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/SalesRule/Test/Constraint/AssertCartPriceRuleApplying.php:103
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- abstract protected function assert();
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L193

Dynamic Code Execution in AssertCartPriceRuleApplying.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/SalesRule/Test/Constraint/AssertCartPriceRuleApplying.php:193
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert();
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L19

Dynamic Code Execution in AssertCartPriceRuleConditionIsNotApplied.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/SalesRule/Test/Constraint/AssertCartPriceRuleConditionIsNotApplied.php:19
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- protected function assert()
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in AssertShipmentItems.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Shipping/Test/Constraint/AssertShipmentItems.php:71
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- protected function assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L57

Dynamic Code Execution in AbstractAssertTaxWithCrossBorderApplying.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Tax/Test/Constraint/AbstractAssertTaxWithCrossBorderApplying.php:57
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- abstract protected function assert($actualPrices);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L141

Dynamic Code Execution in AssertTaxRuleApplying.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Tax/Test/Constraint/AssertTaxRuleApplying.php:141
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert();
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L19

Dynamic Code Execution in AssertTaxRuleIsApplied.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Tax/Test/Constraint/AssertTaxRuleIsApplied.php:19
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- protected function assert()
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L21

Dynamic Code Execution in AssertTaxWithCrossBorderApplied.php

CWE-94
File Location: dev/tests/functional/tests/app/Magento/Tax/Test/Constraint/AssertTaxWithCrossBorderApplied.php:21
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert($actualPrices)
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L121

Dynamic Code Execution in FixtureModelTest.php

CWE-94
File Location: dev/tests/integration/testsuite/Magento/Setup/Fixtures/FixtureModelTest.php:121
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $entityAssert->assert();
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L54

Dynamic Code Execution in ConfigurableProductsAssert.php

CWE-94
File Location: dev/tests/integration/testsuite/Magento/Setup/Fixtures/FixturesAsserts/ConfigurableProductsAssert.php:54
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert()
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L75

Dynamic Code Execution in ImagesAssert.php

CWE-94
File Location: dev/tests/integration/testsuite/Magento/Setup/Fixtures/FixturesAsserts/ImagesAssert.php:75
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert()
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L402

Insecure DOM Manipulation (XSS) in configure.js

CWE-79
File Location: app/code/Magento/Catalog/view/adminhtml/web/catalog/product/composite/configure.js:402
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.blockMsgError.innerHTML = response.message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L232

Insecure DOM Manipulation (XSS) in addresses.js

CWE-79
File Location: app/code/Magento/Customer/view/adminhtml/web/edit/tab/js/addresses.js:232
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- itemContainer[0].innerHTML = tmpl;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L26

Insecure DOM Manipulation (XSS) in insert-form.js

CWE-79
File Location: app/code/Magento/Ui/view/base/web/js/form/components/insert-form.js:26
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = elem;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L25

Insecure DOM Manipulation (XSS) in ext-tree.js

CWE-79
File Location: lib/web/extjs/ext-tree.js:25
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- Ext.DomQuery=function(){var _1={},_2={},_3={};var _4=/\S/;var _5=/^\s+|\s+$/g;var _6=/\{(\d+)\}/g;var _7=/^(\s?[\/>]\s?|\s|$)/;var _8=/^(#)?([\w-\*]+)/;function child(p,_a){var i=0;var n=p.firstChild;while(n){if(n.nodeType==1){if(++i==_a){return n;}}n=n.nextSibling;}return null;}function next(n){while((n=n.nextSibling)&&n.nodeType!=1){}return n;}function prev(n){while((n=n.previousSibling)&&n.nodeType!=1){}return n;}function clean(d){var n=d.firstChild,ni=-1;while(n){var nx=n.nextSibling;if(n.nodeType==3&&!_4.test(n.nodeValue)){d.removeChild(n);}else{n.nodeIndex=++ni;}n=nx;}return this;}function byClassName(c,a,v,re,cn){if(!v){return c;}var r=[];for(var i=0,ci;ci=c[i];i++){cn=ci.className;if(cn&&(" "+cn+" ").indexOf(v)!=-1){r[r.length]=ci;}}return r;}function attrValue(n,_1c){if(!n.tagName&&typeof n.length!="undefined"){n=n[0];}if(!n){return null;}if(_1c=="for"){return n.htmlFor;}if(_1c=="class"||_1c=="className"){return n.className;}return n.getAttribute(_1c)||n[_1c];}function getNodes(ns,_1e,_1f){var _20=[],cs;if(!ns){return _20;}_1e=_1e?_1e.replace(_5,""):"";_1f=_1f||"*";if(typeof ns.getElementsByTagName!="undefined"){ns=[ns];}if(_1e!="/"&&_1e!=">"){for(var i=0,ni;ni=ns[i];i++){cs=ni.getElementsByTagName(_1f);for(var j=0,ci;ci=cs[j];j++){_20[_20.length]=ci;}}}else{for(var i=0,ni;ni=ns[i];i++){var cn=ni.getElementsByTagName(_1f);for(var j=0,cj;cj=cn[j];j++){if(cj.parentNode==ni){_20[_20.length]=cj;}}}}return _20;}function concat(a,b){if(b.slice){return a.concat(b);}for(var i=0,l=b.length;i<l;i++){a[a.length]=b[i];}return a;}function byTag(cs,_2d){if(cs.tagName||cs==document){cs=[cs];}if(!_2d){return cs;}var r=[];_2d=_2d.toLowerCase();for(var i=0,ci;ci=cs[i];i++){if(ci.nodeType==1&&ci.tagName.toLowerCase()==_2d){r[r.length]=ci;}}return r;}function byId(cs,_32,id){if(cs.tagName||cs==document){cs=[cs];}if(!id){return cs;}var r=[];for(var i=0,ci;ci=cs[i];i++){if(ci&&ci.id==id){r[r.length]=ci;return r;}}return r;}function byAttribute(cs,_38,_39,op,_3b){var r=[],st=_3b=="{";var f=Ext.DomQuery.operators[op];for(var i=0;ci=cs[i];i++){var a;if(st){a=Ext.DomQuery.getStyle(ci,_38);}else{if(_38=="class"||_38=="className"){a=ci.className;}else{if(_38=="for"){a=ci.htmlFor;}else{if(_38=="href"){a=ci.getAttribute("href",2);}else{a=ci.getAttribute(_38);}}}}if((f&&f(a,_39))||(!f&&a)){r[r.length]=ci;}}return r;}function byPseudo(cs,_42,_43){return Ext.DomQuery.pseudos[_42](cs,_43);}var _44=window.ActiveXObject?true:false;var key=30803;function nodupIEXml(cs){var d=++key;cs[0].setAttribute("_nodup",d);var r=[cs[0]];for(var i=1,len=cs.length;i<len;i++){var c=cs[i];if(!c.getAttribute("_nodup")!=d){c.setAttribute("_nodup",d);r[r.length]=c;}}for(var i=0,len=cs.length;i<len;i++){cs[i].removeAttribute("_nodup");}return r;}function nodup(cs){if(!cs){return [];}var len=cs.length,c,i,r=cs,cj;if(!len||typeof cs.nodeType!="undefined"||len==1){return cs;}if(_44&&typeof cs[0].selectSingleNode!="undefined"){return nodupIEXml(cs);}var d=++key;cs[0]._nodup=d;for(i=1;c=cs[i];i++){if(c._nodup!=d){c._nodup=d;}else{r=[];for(var j=0;j<i;j++){r[r.length]=cs[j];}for(j=i+1;cj=cs[j];j++){if(cj._nodup!=d){cj._nodup=d;r[r.length]=cj;}}return r;}}return r;}function quickDiffIEXml(c1,c2){var d=++key;for(var i=0,len=c1.length;i<len;i++){c1[i].setAttribute("_qdiff",d);}var r=[];for(var i=0,len=c2.length;i<len;i++){if(c2[i].getAttribute("_qdiff")!=d){r[r.length]=c2[i];}}for(var i=0,len=c1.length;i<len;i++){c1[i].removeAttribute("_qdiff");}return r;}function quickDiff(c1,c2){var _5c=c1.length;if(!_5c){return c2;}if(_44&&c1[0].selectSingleNode){return quickDiffIEXml(c1,c2);}var d=++key;for(var i=0;i<_5c;i++){c1[i]._qdiff=d;}var r=[];for(var i=0,len=c2.length;i<len;i++){if(c2[i]._qdiff!=d){r[r.length]=c2[i];}}return r;}function quickId(ns,_62,_63,id){if(ns==_63){var d=_63.ownerDocument||_63;return d.getElementById(id);}ns=getNodes(ns,_62,"*");return byId(ns,null,id);}return {getStyle:function(el,_67){return Ext.fly(el).getStyle(_67);},compile:function(_68,_69){while(_68.substr(0,1)=="/"){_68=_68.substr(1);}_69=_69||"select";var fn=["var f = function(root){\n var mode; var n = root || document;\n"];var q=_68,_6c,lq;var tk=Ext.DomQuery.matchers;var _6f=tk.length;var mm;while(q&&lq!=q){lq=q;var tm=q.match(_8);if(_69=="select"){if(tm){if(tm[1]=="#"){fn[fn.length]="n = quickId(n, mode, root, \""+tm[2]+"\");";}else{fn[fn.length]="n = getNodes(n, mode, \""+tm[2]+"\");";}q=q.replace(tm[0],"");}else{if(q.substr(0,1)!="@"){fn[fn.length]="n = getNodes(n, mode, \"*\");";}}}else{if(tm){if(tm[1]=="#"){fn[fn.length]="n = byId(n, null, \""+tm[2]+"\");";}else{fn[fn.length]="n = byTag(n, \""+tm[2]+"\");";}q=q.replace(tm[0],"");}}while(!(mm=q.match(_7))){var _72=false;for(var j=0;j<_6f;j++){var t=tk[j];var m=q.match(t.re);if(m){fn[fn.length]=t.select.replace(_6,function(x,i){return m[i];});q=q.replace(m[0],"");_72=true;break;}}if(!_72){throw "Error parsing selector, parsing failed at \""+q+"\"";}}if(mm[1]){fn[fn.length]="mode=\""+mm[1]+"\";";q=q.replace(mm[1],"");}}fn[fn.length]="return nodup(n);\n}";eval(fn.join(""));return f;},select:function(_78,_79,_7a){if(!_79||_79==document){_79=document;}if(typeof _79=="string"){_79=document.getElementById(_79);}var _7b=_78.split(",");var _7c=[];for(var i=0,len=_7b.length;i<len;i++){var p=_7b[i].replace(_5,"");if(!_1[p]){_1[p]=Ext.DomQuery.compile(p);if(!_1[p]){throw p+" is not a valid selector";}}var _80=_1[p](_79);if(_80&&_80!=document){_7c=_7c.concat(_80);}}return _7c;},selectNode:function(_81,_82){return Ext.DomQuery.select(_81,_82)[0];},selectValue:function(_83,_84,_85){_83=_83.replace(_5,"");if(!_3[_83]){_3[_83]=Ext.DomQuery.compile(_83,"select");}var n=_3[_83](_84);n=n[0]?n[0]:n;var v=(n&&n.firstChild?n.firstChild.nodeValue:null);return (v===null?_85:v);},selectNumber:function(_88,_89,_8a){var v=Ext.DomQuery.selectValue(_88,_89,_8a||0);return parseFloat(v);},is:function(el,ss){if(typeof el=="string"){el=document.getElementById(el);}var _8e=(el instanceof Array);var _8f=Ext.DomQuery.filter(_8e?el:[el],ss);return _8e?(_8f.length==el.length):(_8f.length>0);},filter:function(els,ss,_92){ss=ss.replace(_5,"");if(!_2[ss]){_2[ss]=Ext.DomQuery.compile(ss,"simple");}var _93=_2[ss](els);return _92?quickDiff(_93,els):_93;},matchers:[{re:/^\.([\w-]+)/,select:"n = byClassName(n, null, \" {1} \");"},{re:/^\:([\w-]+)(?:\(((?:[^\s>\/]*|.*?))\))?/,select:"n = byPseudo(n, \"{1}\", \"{2}\");"},{re:/^(?:([\[\{])(?:@)?([\w-]+)\s?(?:(=|.=)\s?['"]?(.*?)["']?)?[\]\}])/,select:"n = byAttribute(n, \"{2}\", \"{4}\", \"{3}\", \"{1}\");"},{re:/^#([\w-]+)/,select:"n = byId(n, null, \"{1}\");"},{re:/^@([\w-]+)/,select:"return {firstChild:{nodeValue:attrValue(n, \"{1}\")}};"}],operators:{"=":function(a,v){return a==v;},"!=":function(a,v){return a!=v;},"^=":function(a,v){return a&&a.substr(0,v.length)==v;},"$=":function(a,v){return a&&a.substr(a.length-v.length)==v;},"*=":function(a,v){return a&&a.indexOf(v)!==-1;},"%=":function(a,v){return (a%v)==0;}},pseudos:{"first-child":function(c){var r=[],n;for(var i=0,ci;ci=n=c[i];i++){while((n=n.previousSibling)&&n.nodeType!=1){}if(!n){r[r.length]=ci;}}return r;},"last-child":function(c){var r=[];for(var i=0,ci;ci=n=c[i];i++){while((n=n.nextSibling)&&n.nodeType!=1){}if(!n){r[r.length]=ci;}}return r;},"nth-child":function(c,a){var r=[];if(a!="odd"&&a!="even"){for(var i=0,ci;ci=c[i];i++){var m=child(ci.parentNode,a);if(m==ci){r[r.length]=m;}}return r;}var p;for(var i=0,l=c.length;i<l;i++){var cp=c[i].parentNode;if(cp!=p){clean(cp);p=cp;}}for(var i=0,ci;ci=c[i];i++){var m=false;if(a=="odd"){m=((ci.nodeIndex+1)%2==1);}else{if(a=="even"){m=((ci.nodeIndex+1)%2==0);}}if(m){r[r.length]=ci;}}return r;},"only-child":function(c){var r=[];for(var i=0,ci;ci=c[i];i++){if(!prev(ci)&&!next(ci)){r[r.length]=ci;}}return r;},"empty":function(c){var r=[];for(var i=0,ci;ci=c[i];i++){var cns=ci.childNodes,j=0,cn,_bd=true;while(cn=cns[j]){++j;if(cn.nodeType==1||cn.nodeType==3){_bd=false;break;}}if(_bd){r[r.length]=ci;}}return r;},"contains":function(c,v){var r=[];for(var i=0,ci;ci=c[i];i++){if(ci.innerHTML.indexOf(v)!==-1){r[r.length]=ci;}}return r;},"nodeValue":function(c,v){var r=[];for(var i=0,ci;ci=c[i];i++){if(ci.firstChild&&ci.firstChild.nodeValue==v){r[r.length]=ci;}}return r;},"checked":function(c){var r=[];for(var i=0,ci;ci=c[i];i++){if(ci.checked==true){r[r.length]=ci;}}return r;},"not":function(c,ss){return Ext.DomQuery.filter(c,ss,true);},"odd":function(c){return this["nth-child"](c,"odd");},"even":function(c){return this["nth-child"](c,"even");},"nth":function(c,a){return c[a-1]||[];},"first":function(c){return c[0]||[];},"last":function(c){return c[c.length-1]||[];},"has":function(c,ss){var s=Ext.DomQuery.select;var r=[];for(var i=0,ci;ci=c[i];i++){if(s(ss,ci).length>0){r[r.length]=ci;}}return r;},"next":function(c,ss){var is=Ext.DomQuery.is;var r=[];for(var i=0,ci;ci=c[i];i++){var n=next(ci);if(n&&is(n,ss)){r[r.length]=ci;}}return r;},"prev":function(c,ss){var is=Ext.DomQuery.is;var r=[];for(var i=0,ci;ci=c[i];i++){var n=prev(ci);if(n&&is(n,ss)){r[r.length]=ci;}}return r;}}};}();Ext.query=Ext.DomQuery.select;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L5546

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: lib/web/jquery.js:5546
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmp.innerHTML = wrap[1] + elem.replace( rxhtmlTag, "<$1></$2>" ) + wrap[2];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L2

Insecure DOM Manipulation (XSS) in jquery.min.js

CWE-79
File Location: lib/web/jquery/jquery.min.js:2
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k="".trim,l={},m="1.11.0",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(n.isPlainObject(c)||(b=n.isArray(c)))?(b?(b=!1,f=a&&n.isArray(a)?a:[]):f=a&&n.isPlainObject(a)?a:{},g[d]=n.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray||function(a){return"array"===n.type(a)},isWindow:function(a){return null!=a&&a==a.window},isNumeric:function(a){return a-parseFloat(a)>=0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},isPlainObject:function(a){var b;if(!a||"object"!==n.type(a)||a.nodeType||n.isWindow(a))return!1;try{if(a.constructor&&!j.call(a,"constructor")&&!j.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}if(l.ownLast)for(b in a)return j.call(a,b);for(b in a);return void 0===b||j.call(a,b)},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?h[i.call(a)]||"object":typeof a},globalEval:function(b){b&&n.trim(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=s(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:k&&!k.call("\ufeff\xa0")?function(a){return null==a?"":k.call(a)}:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){var d;if(b){if(g)return g.call(b,a,c);for(d=b.length,c=c?0>c?Math.max(0,d+c):c:0;d>c;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=s(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(f=a[b],b=a,a=f),n.isFunction(a)?(c=d.call(arguments,2),e=function(){return a.apply(b||this,c.concat(d.call(arguments)))},e.guid=a.guid=a.guid||n.guid++,e):void 0},now:function(){return+new Date},support:l}),n.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(a,b){h["[object "+b+"]"]=b.toLowerCase()});function s(a){var b=a.length,c=n.type(a);return"function"===c||n.isWindow(a)?!1:1===a.nodeType&&b?!0:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s="sizzle"+-new Date,t=a.document,u=0,v=0,w=eb(),x=eb(),y=eb(),z=function(a,b){return a===b&&(j=!0),0},A="undefined",B=1<<31,C={}.hasOwnProperty,D=[],E=D.pop,F=D.push,G=D.push,H=D.slice,I=D.indexOf||function(a){for(var b=0,c=this.length;c>b;b++)if(this[b]===a)return b;return-1},J="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",K="[\\x20\\t\\r\\n\\f]",L="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",M=L.replace("w","w#"),N="\\["+K+"*("+L+")"+K+"*(?:([*^$|!~]?=)"+K+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+M+")|)|)"+K+"*\\]",O=":("+L+")(?:\\(((['\"])((?:\\\\.|[^\\\\])*?)\\3|((?:\\\\.|[^\\\\()[\\]]|"+N.replace(3,8)+")*)|.*)\\)|)",P=new RegExp("^"+K+"+|((?:^|[^\\\\])(?:\\\\.)*)"+K+"+$","g"),Q=new RegExp("^"+K+"*,"+K+"*"),R=new RegExp("^"+K+"*([>+~]|"+K+")"+K+"*"),S=new RegExp("="+K+"*([^\\]'\"]*?)"+K+"*\\]","g"),T=new RegExp(O),U=new RegExp("^"+M+"$"),V={ID:new RegExp("^#("+L+")"),CLASS:new RegExp("^\\.("+L+")"),TAG:new RegExp("^("+L.replace("w","w*")+")"),ATTR:new RegExp("^"+N),PSEUDO:new RegExp("^"+O),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+K+"*(even|odd|(([+-]|)(\\d*)n|)"+K+"*(?:([+-]|)"+K+"*(\\d+)|))"+K+"*\\)|)","i"),bool:new RegExp("^(?:"+J+")$","i"),needsContext:new RegExp("^"+K+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+K+"*((?:-\\d)?\\d*)"+K+"*\\)|)(?=[^-]|$)","i")},W=/^(?:input|select|textarea|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,$=/[+~]/,_=/'|\\/g,ab=new RegExp("\\\\([\\da-f]{1,6}"+K+"?|("+K+")|.)","ig"),bb=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)};try{G.apply(D=H.call(t.childNodes),t.childNodes),D[t.childNodes.length].nodeType}catch(cb){G={apply:D.length?function(a,b){F.apply(a,H.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function db(a,b,d,e){var f,g,h,i,j,m,p,q,u,v;if((b?b.ownerDocument||b:t)!==l&&k(b),b=b||l,d=d||[],!a||"string"!=typeof a)return d;if(1!==(i=b.nodeType)&&9!==i)return[];if(n&&!e){if(f=Z.exec(a))if(h=f[1]){if(9===i){if(g=b.getElementById(h),!g||!g.parentNode)return d;if(g.id===h)return d.push(g),d}else if(b.ownerDocument&&(g=b.ownerDocument.getElementById(h))&&r(b,g)&&g.id===h)return d.push(g),d}else{if(f[2])return G.apply(d,b.getElementsByTagName(a)),d;if((h=f[3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(h)),d}if(c.qsa&&(!o||!o.test(a))){if(q=p=s,u=b,v=9===i&&a,1===i&&"object"!==b.nodeName.toLowerCase()){m=ob(a),(p=b.getAttribute("id"))?q=p.replace(_,"\\$&"):b.setAttribute("id",q),q="[id='"+q+"'] ",j=m.length;while(j--)m[j]=q+pb(m[j]);u=$.test(a)&&mb(b.parentNode)||b,v=m.join(",")}if(v)try{return G.apply(d,u.querySelectorAll(v)),d}catch(w){}finally{p||b.removeAttribute("id")}}}return xb(a.replace(P,"$1"),b,d,e)}function eb(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function fb(a){return a[s]=!0,a}function gb(a){var b=l.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function hb(a,b){var c=a.split("|"),e=a.length;while(e--)d.attrHandle[c[e]]=b}function ib(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||B)-(~a.sourceIndex||B);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function jb(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function kb(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function lb(a){return fb(function(b){return b=+b,fb(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function mb(a){return a&&typeof a.getElementsByTagName!==A&&a}c=db.support={},f=db.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},k=db.setDocument=function(a){var b,e=a?a.ownerDocument||a:t,g=e.defaultView;return e!==l&&9===e.nodeType&&e.documentElement?(l=e,m=e.documentElement,n=!f(e),g&&g!==g.top&&(g.addEventListener?g.addEventListener("unload",function(){k()},!1):g.attachEvent&&g.attachEvent("onunload",function(){k()})),c.attributes=gb(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=gb(function(a){return a.appendChild(e.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=Y.test(e.getElementsByClassName)&&gb(function(a){return a.innerHTML="<div class='a'></div><div class='a i'></div>",a.firstChild.className="i",2===a.getElementsByClassName("i").length}),c.getById=gb(function(a){return m.appendChild(a).id=s,!e.getElementsByName||!e.getElementsByName(s).length}),c.getById?(d.find.ID=function(a,b){if(typeof b.getElementById!==A&&n){var c=b.getElementById(a);return c&&c.parentNode?[c]:[]}},d.filter.ID=function(a){var b=a.replace(ab,bb);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(ab,bb);return function(a){var c=typeof a.getAttributeNode!==A&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return typeof b.getElementsByTagName!==A?b.getElementsByTagName(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return typeof b.getElementsByClassName!==A&&n?b.getElementsByClassName(a):void 0},p=[],o=[],(c.qsa=Y.test(e.querySelectorAll))&&(gb(function(a){a.innerHTML="<select t=''><option selected=''></option></select>",a.querySelectorAll("[t^='']").length&&o.push("[*^$]="+K+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||o.push("\\["+K+"*(?:value|"+J+")"),a.querySelectorAll(":checked").length||o.push(":checked")}),gb(function(a){var b=e.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&o.push("name"+K+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||o.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),o.push(",.*:")})),(c.matchesSelector=Y.test(q=m.webkitMatchesSelector||m.mozMatchesSelector||m.oMatchesSelector||m.msMatchesSelector))&&gb(function(a){c.disconnectedMatch=q.call(a,"div"),q.call(a,"[s!='']:x"),p.push("!=",O)}),o=o.length&&new RegExp(o.join("|")),p=p.length&&new RegExp(p.join("|")),b=Y.test(m.compareDocumentPosition),r=b||Y.test(m.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},z=b?function(a,b){if(a===b)return j=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===e||a.ownerDocument===t&&r(t,a)?-1:b===e||b.ownerDocument===t&&r(t,b)?1:i?I.call(i,a)-I.call(i,b):0:4&d?-1:1)}:function(a,b){if(a===b)return j=!0,0;var c,d=0,f=a.parentNode,g=b.parentNode,h=[a],k=[b];if(!f||!g)return a===e?-1:b===e?1:f?-1:g?1:i?I.call(i,a)-I.call(i,b):0;if(f===g)return ib(a,b);c=a;while(c=c.parentNode)h.unshift(c);c=b;while(c=c.parentNode)k.unshift(c);while(h[d]===k[d])d++;return d?ib(h[d],k[d]):h[d]===t?-1:k[d]===t?1:0},e):l},db.matches=function(a,b){return db(a,null,null,b)},db.matchesSelector=function(a,b){if((a.ownerDocument||a)!==l&&k(a),b=b.replace(S,"='$1']"),!(!c.matchesSelector||!n||p&&p.test(b)||o&&o.test(b)))try{var d=q.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return db(b,l,null,[a]).length>0},db.contains=function(a,b){return(a.ownerDocument||a)!==l&&k(a),r(a,b)},db.attr=function(a,b){(a.ownerDocument||a)!==l&&k(a);var e=d.attrHandle[b.toLowerCase()],f=e&&C.call(d.attrHandle,b.toLowerCase())?e(a,b,!n):void 0;return void 0!==f?f:c.attributes||!n?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},db.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},db.uniqueSort=function(a){var b,d=[],e=0,f=0;if(j=!c.detectDuplicates,i=!c.sortStable&&a.slice(0),a.sort(z),j){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return i=null,a},e=db.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=db.selectors={cacheLength:50,createPseudo:fb,match:V,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(ab,bb),a[3]=(a[4]||a[5]||"").replace(ab,bb),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||db.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&db.error(a[0]),a},PSEUDO:function(a){var b,c=!a[5]&&a[2];return V.CHILD.test(a[0])?null:(a[3]&&void 0!==a[4]?a[2]=a[4]:c&&T.test(c)&&(b=ob(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(ab,bb).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=w[a+" "];return b||(b=new RegExp("(^|"+K+")"+a+"("+K+"|$)"))&&w(a,function(a){return b.test("string"==typeof a.className&&a.className||typeof a.getAttribute!==A&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=db.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),t=!i&&!h;if(q){if(f){while(p){l=b;while(l=l[p])if(h?l.nodeName.toLowerCase()===r:1===l.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&t){k=q[s]||(q[s]={}),j=k[a]||[],n=j[0]===u&&j[1],m=j[0]===u&&j[2],l=n&&q.childNodes[n];while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if(1===l.nodeType&&++m&&l===b){k[a]=[u,n,m];break}}else if(t&&(j=(b[s]||(b[s]={}))[a])&&j[0]===u)m=j[1];else while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if((h?l.nodeName.toLowerCase()===r:1===l.nodeType)&&++m&&(t&&((l[s]||(l[s]={}))[a]=[u,m]),l===b))break;return m-=e,m===d||m%d===0&&m/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||db.error("unsupported pseudo: "+a);return e[s]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?fb(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=I.call(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:fb(function(a){var b=[],c=[],d=g(a.replace(P,"$1"));return d[s]?fb(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),!c.pop()}}),has:fb(function(a){return function(b){return db(a,b).length>0}}),contains:fb(function(a){return function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:fb(function(a){return U.test(a||"")||db.error("unsupported lang: "+a),a=a.replace(ab,bb).toLowerCase(),function(b){var c;do if(c=n?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===m},focus:function(a){return a===l.activeElement&&(!l.hasFocus||l.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return X.test(a.nodeName)},input:function(a){return W.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:lb(function(){return[0]}),last:lb(function(a,b){return[b-1]}),eq:lb(function(a,b,c){return[0>c?c+b:c]}),even:lb(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:lb(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:lb(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:lb(function(a,b,c){for(var d=0>c?c+b:c;++d<b;)a.push(d);return a})}},d.pseudos.nth=d.pseudos.eq;for(b in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})d.pseudos[b]=jb(b);for(b in{submit:!0,reset:!0})d.pseudos[b]=kb(b);function nb(){}nb.prototype=d.filters=d.pseudos,d.setFilters=new nb;function ob(a,b){var c,e,f,g,h,i,j,k=x[a+" "];if(k)return b?0:k.slice(0);h=a,i=[],j=d.preFilter;while(h){(!c||(e=Q.exec(h)))&&(e&&(h=h.slice(e[0].length)||h),i.push(f=[])),c=!1,(e=R.exec(h))&&(c=e.shift(),f.push({value:c,type:e[0].replace(P," ")}),h=h.slice(c.length));for(g in d.filter)!(e=V[g].exec(h))||j[g]&&!(e=j[g](e))||(c=e.shift(),f.push({value:c,type:g,matches:e}),h=h.slice(c.length));if(!c)break}return b?h.length:h?db.error(a):x(a,i).slice(0)}function pb(a){for(var b=0,c=a.length,d="";c>b;b++)d+=a[b].value;return d}function qb(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=v++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j=[u,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(i=b[s]||(b[s]={}),(h=i[d])&&h[0]===u&&h[1]===f)return j[2]=h[2];if(i[d]=j,j[2]=a(b,c,g))return!0}}}function rb(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function sb(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(!c||c(f,d,e))&&(g.push(f),j&&b.push(h));return g}function tb(a,b,c,d,e,f){return d&&!d[s]&&(d=tb(d)),e&&!e[s]&&(e=tb(e,f)),fb(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||wb(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:sb(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=sb(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?I.call(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=sb(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):G.apply(g,r)})}function ub(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],i=g||d.relative[" "],j=g?1:0,k=qb(function(a){return a===b},i,!0),l=qb(function(a){return I.call(b,a)>-1},i,!0),m=[function(a,c,d){return!g&&(d||c!==h)||((b=c).nodeType?k(a,c,d):l(a,c,d))}];f>j;j++)if(c=d.relative[a[j].type])m=[qb(rb(m),c)];else{if(c=d.filter[a[j].type].apply(null,a[j].matches),c[s]){for(e=++j;f>e;e++)if(d.relative[a[e].type])break;return tb(j>1&&rb(m),j>1&&pb(a.slice(0,j-1).concat({value:" "===a[j-2].type?"*":""})).replace(P,"$1"),c,e>j&&ub(a.slice(j,e)),f>e&&ub(a=a.slice(e)),f>e&&pb(a))}m.push(c)}return rb(m)}function vb(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,i,j,k){var m,n,o,p=0,q="0",r=f&&[],s=[],t=h,v=f||e&&d.find.TAG("*",k),w=u+=null==t?1:Math.random()||.1,x=v.length;for(k&&(h=g!==l&&g);q!==x&&null!=(m=v[q]);q++){if(e&&m){n=0;while(o=a[n++])if(o(m,g,i)){j.push(m);break}k&&(u=w)}c&&((m=!o&&m)&&p--,f&&r.push(m))}if(p+=q,c&&q!==p){n=0;while(o=b[n++])o(r,s,g,i);if(f){if(p>0)while(q--)r[q]||s[q]||(s[q]=E.call(j));s=sb(s)}G.apply(j,s),k&&!f&&s.length>0&&p+b.length>1&&db.uniqueSort(j)}return k&&(u=w,h=t),r};return c?fb(f):f}g=db.compile=function(a,b){var c,d=[],e=[],f=y[a+" "];if(!f){b||(b=ob(a)),c=b.length;while(c--)f=ub(b[c]),f[s]?d.push(f):e.push(f);f=y(a,vb(e,d))}return f};function wb(a,b,c){for(var d=0,e=b.length;e>d;d++)db(a,b[d],c);return c}function xb(a,b,e,f){var h,i,j,k,l,m=ob(a);if(!f&&1===m.length){if(i=m[0]=m[0].slice(0),i.length>2&&"ID"===(j=i[0]).type&&c.getById&&9===b.nodeType&&n&&d.relative[i[1].type]){if(b=(d.find.ID(j.matches[0].replace(ab,bb),b)||[])[0],!b)return e;a=a.slice(i.shift().value.length)}h=V.needsContext.test(a)?0:i.length;while(h--){if(j=i[h],d.relative[k=j.type])break;if((l=d.find[k])&&(f=l(j.matches[0].replace(ab,bb),$.test(i[0].type)&&mb(b.parentNode)||b))){if(i.splice(h,1),a=f.length&&pb(i),!a)return G.apply(e,f),e;break}}}return g(a,m)(f,b,!n,e,$.test(a)&&mb(b.parentNode)||b),e}return c.sortStable=s.split("").sort(z).join("")===s,c.detectDuplicates=!!j,k(),c.sortDetached=gb(function(a){return 1&a.compareDocumentPosition(l.createElement("div"))}),gb(function(a){return a.innerHTML="<a href='#'></a>","#"===a.firstChild.getAttribute("href")})||hb("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&gb(function(a){return a.innerHTML="<input/>",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||hb("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),gb(function(a){return null==a.getAttribute("disabled")})||hb(J,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),db}(a);n.find=t,n.expr=t.selectors,n.expr[":"]=n.expr.pseudos,n.unique=t.uniqueSort,n.text=t.getText,n.isXMLDoc=t.isXML,n.contains=t.contains;var u=n.expr.match.needsContext,v=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,w=/^.[^:#\[\.,]*$/;function x(a,b,c){if(n.isFunction(b))return n.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return n.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(w.test(b))return n.filter(b,a,c);b=n.filter(b,a)}return n.grep(a,function(a){return n.inArray(a,b)>=0!==c})}n.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?n.find.matchesSelector(d,a)?[d]:[]:n.find.matches(a,n.grep(b,function(a){return 1===a.nodeType}))},n.fn.extend({find:function(a){var b,c=[],d=this,e=d.length;if("string"!=typeof a)return this.pushStack(n(a).filter(function(){for(b=0;e>b;b++)if(n.contains(d[b],this))return!0}));for(b=0;e>b;b++)n.find(a,d[b],c);return c=this.pushStack(e>1?n.unique(c):c),c.selector=this.selector?this.selector+" "+a:a,c},filter:function(a){return this.pushStack(x(this,a||[],!1))},not:function(a){return this.pushStack(x(this,a||[],!0))},is:function(a){return!!x(this,"string"==typeof a&&u.test(a)?n(a):a||[],!1).length}});var y,z=a.document,A=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,B=n.fn.init=function(a,b){var c,d;if(!a)return this;if("string"==typeof a){if(c="<"===a.charAt(0)&&">"===a.charAt(a.length-1)&&a.length>=3?[null,a,null]:A.exec(a),!c||!c[1]&&b)return!b||b.jquery?(b||y).find(a):this.constructor(b).find(a);if(c[1]){if(b=b instanceof n?b[0]:b,n.merge(this,n.parseHTML(c[1],b&&b.nodeType?b.ownerDocument||b:z,!0)),v.test(c[1])&&n.isPlainObject(b))for(c in b)n.isFunction(this[c])?this[c](b[c]):this.attr(c,b[c]);return this}if(d=z.getElementById(c[2]),d&&d.parentNode){if(d.id!==c[2])return y.find(a);this.length=1,this[0]=d}return this.context=z,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):n.isFunction(a)?"undefined"!=typeof y.ready?y.ready(a):a(n):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),n.makeArray(a,this))};B.prototype=n.fn,y=n(z);var C=/^(?:parents|prev(?:Until|All))/,D={children:!0,contents:!0,next:!0,prev:!0};n.extend({dir:function(a,b,c){var d=[],e=a[b];while(e&&9!==e.nodeType&&(void 0===c||1!==e.nodeType||!n(e).is(c)))1===e.nodeType&&d.push(e),e=e[b];return d},sibling:function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c}}),n.fn.extend({has:function(a){var b,c=n(a,this),d=c.length;return this.filter(function(){for(b=0;d>b;b++)if(n.contains(this,c[b]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=u.test(a)||"string"!=typeof a?n(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&n.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?n.unique(f):f)},index:function(a){return a?"string"==typeof a?n.inArray(this[0],n(a)):n.inArray(a.jquery?a[0]:a,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(n.unique(n.merge(this.get(),n(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function E(a,b){do a=a[b];while(a&&1!==a.nodeType);return a}n.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return n.dir(a,"parentNode")},parentsUntil:function(a,b,c){return n.dir(a,"parentNode",c)},next:function(a){return E(a,"nextSibling")},prev:function(a){return E(a,"previousSibling")},nextAll:function(a){return n.dir(a,"nextSibling")},prevAll:function(a){return n.dir(a,"previousSibling")},nextUntil:function(a,b,c){return n.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return n.dir(a,"previousSibling",c)},siblings:function(a){return n.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return n.sibling(a.firstChild)},contents:function(a){return n.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:n.merge([],a.childNodes)}},function(a,b){n.fn[a]=function(c,d){var e=n.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=n.filter(d,e)),this.length>1&&(D[a]||(e=n.unique(e)),C.test(a)&&(e=e.reverse())),this.pushStack(e)}});var F=/\S+/g,G={};function H(a){var b=G[a]={};return n.each(a.match(F)||[],function(a,c){b[c]=!0}),b}n.Callbacks=function(a){a="string"==typeof a?G[a]||H(a):n.extend({},a);var b,c,d,e,f,g,h=[],i=!a.once&&[],j=function(l){for(c=a.memory&&l,d=!0,f=g||0,g=0,e=h.length,b=!0;h&&e>f;f++)if(h[f].apply(l[0],l[1])===!1&&a.stopOnFalse){c=!1;break}b=!1,h&&(i?i.length&&j(i.shift()):c?h=[]:k.disable())},k={add:function(){if(h){var d=h.length;!function f(b){n.each(b,function(b,c){var d=n.type(c);"function"===d?a.unique&&k.has(c)||h.push(c):c&&c.length&&"string"!==d&&f(c)})}(arguments),b?e=h.length:c&&(g=d,j(c))}return this},remove:function(){return h&&n.each(arguments,function(a,c){var d;while((d=n.inArray(c,h,d))>-1)h.splice(d,1),b&&(e>=d&&e--,f>=d&&f--)}),this},has:function(a){return a?n.inArray(a,h)>-1:!(!h||!h.length)},empty:function(){return h=[],e=0,this},disable:function(){return h=i=c=void 0,this},disabled:function(){return!h},lock:function(){return i=void 0,c||k.disable(),this},locked:function(){return!i},fireWith:function(a,c){return!h||d&&!i||(c=c||[],c=[a,c.slice?c.slice():c],b?i.push(c):j(c)),this},fire:function(){return k.fireWith(this,arguments),this},fired:function(){return!!d}};return k},n.extend({Deferred:function(a){var b=[["resolve","done",n.Callbacks("once memory"),"resolved"],["reject","fail",n.Callbacks("once memory"),"rejected"],["notify","progress",n.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return n.Deferred(function(c){n.each(b,function(b,f){var g=n.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&n.isFunction(a.promise)?a.promise().done(c.resolve).fail(c.reject).progress(c.notify):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?n.extend(a,d):d}},e={};return d.pipe=d.then,n.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=d.call(arguments),e=c.length,f=1!==e||a&&n.isFunction(a.promise)?e:0,g=1===f?a:n.Deferred(),h=function(a,b,c){return function(e){b[a]=this,c[a]=arguments.length>1?d.call(arguments):e,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(e>1)for(i=new Array(e),j=new Array(e),k=new Array(e);e>b;b++)c[b]&&n.isFunction(c[b].promise)?c[b].promise().done(h(b,k,c)).fail(g.reject).progress(h(b,j,i)):--f;return f||g.resolveWith(k,c),g.promise()}});var I;n.fn.ready=function(a){return n.ready.promise().done(a),this},n.extend({isReady:!1,readyWait:1,holdReady:function(a){a?n.readyWait++:n.ready(!0)},ready:function(a){if(a===!0?!--n.readyWait:!n.isReady){if(!z.body)return setTimeout(n.ready);n.isReady=!0,a!==!0&&--n.readyWait>0||(I.resolveWith(z,[n]),n.fn.trigger&&n(z).trigger("ready").off("ready"))}}});function J(){z.addEventListener?(z.removeEventListener("DOMContentLoaded",K,!1),a.removeEventListener("load",K,!1)):(z.detachEvent("onreadystatechange",K),a.detachEvent("onload",K))}function K(){(z.addEventListener||"load"===event.type||"complete"===z.readyState)&&(J(),n.ready())}n.ready.promise=function(b){if(!I)if(I=n.Deferred(),"complete"===z.readyState)setTimeout(n.ready);else if(z.addEventListener)z.addEventListener("DOMContentLoaded",K,!1),a.addEventListener("load",K,!1);else{z.attachEvent("onreadystatechange",K),a.attachEvent("onload",K);var c=!1;try{c=null==a.frameElement&&z.documentElement}catch(d){}c&&c.doScroll&&!function e(){if(!n.isReady){try{c.doScroll("left")}catch(a){return setTimeout(e,50)}J(),n.ready()}}()}return I.promise(b)};var L="undefined",M;for(M in n(l))break;l.ownLast="0"!==M,l.inlineBlockNeedsLayout=!1,n(function(){var a,b,c=z.getElementsByTagName("body")[0];c&&(a=z.createElement("div"),a.style.cssText="border:0;width:0;height:0;position:absolute;top:0;left:-9999px;margin-top:1px",b=z.createElement("div"),c.appendChild(a).appendChild(b),typeof b.style.zoom!==L&&(b.style.cssText="border:0;margin:0;width:1px;padding:1px;display:inline;zoom:1",(l.inlineBlockNeedsLayout=3===b.offsetWidth)&&(c.style.zoom=1)),c.removeChild(a),a=b=null)}),function(){var a=z.createElement("div");if(null==l.deleteExpando){l.deleteExpando=!0;try{delete a.test}catch(b){l.deleteExpando=!1}}a=null}(),n.acceptData=function(a){var b=n.noData[(a.nodeName+" ").toLowerCase()],c=+a.nodeType||1;return 1!==c&&9!==c?!1:!b||b!==!0&&a.getAttribute("classid")===b};var N=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,O=/([A-Z])/g;function P(a,b,c){if(void 0===c&&1===a.nodeType){var d="data-"+b.replace(O,"-$1").toLowerCase();if(c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:N.test(c)?n.parseJSON(c):c}catch(e){}n.data(a,b,c)}else c=void 0}return c}function Q(a){var b;for(b in a)if(("data"!==b||!n.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function R(a,b,d,e){if(n.acceptData(a)){var f,g,h=n.expando,i=a.nodeType,j=i?n.cache:a,k=i?a[h]:a[h]&&h;if(k&&j[k]&&(e||j[k].data)||void 0!==d||"string"!=typeof b)return k||(k=i?a[h]=c.pop()||n.guid++:h),j[k]||(j[k]=i?{}:{toJSON:n.noop}),("object"==typeof b||"function"==typeof b)&&(e?j[k]=n.extend(j[k],b):j[k].data=n.extend(j[k].data,b)),g=j[k],e||(g.data||(g.data={}),g=g.data),void 0!==d&&(g[n.camelCase(b)]=d),"string"==typeof b?(f=g[b],null==f&&(f=g[n.camelCase(b)])):f=g,f
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L51

Insecure DOM Manipulation (XSS) in knockout-fast-foreach.js

CWE-79
File Location: lib/web/knockoutjs/knockout-fast-foreach.js:51
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- parentNode.innerHTML = sourceNode.text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L4780

Insecure DOM Manipulation (XSS) in knockout.js

CWE-79
File Location: lib/web/knockoutjs/knockout.js:4780
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- templateData.textData = templateData.containerData.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1141

Insecure DOM Manipulation (XSS) in window.js

CWE-79
File Location: lib/web/prototype/window.js:1141
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- win.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1217

Insecure DOM Manipulation (XSS) in DOMUtils.js

CWE-79
File Location: lib/web/tiny_mce/classes/dom/DOMUtils.js:1217
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tp.innerHTML = h;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L231

Insecure DOM Manipulation (XSS) in TridentSelection.js

CWE-79
File Location: lib/web/tiny_mce/classes/dom/TridentSelection.js:231
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element.innerHTML = element.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1660

Insecure DOM Manipulation (XSS) in firebug-lite.js

CWE-79
File Location: lib/web/tiny_mce/classes/firebug/firebug-lite.js:1660
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- if(el.left.dom.container.environment.getElement().innerHTML==""){
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L13

Insecure DOM Manipulation (XSS) in advlink.js

CWE-79
File Location: lib/web/tiny_mce/plugins/advlink/js/advlink.js:13
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.write('<script language="javascript" type="text/javascript" src="' + tinyMCEPopup.editor.documentBaseURI.toAbsolute(url) + '"></script>');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L32

Insecure DOM Manipulation (XSS) in advlink.js

CWE-79
File Location: lib/web/tiny_mce/plugins/advlink/js/advlink.js:32
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('popupurlbrowsercontainer').innerHTML = getBrowserHTML('popupurlbrowser','popupurl','file','advlink');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L74

Insecure DOM Manipulation (XSS) in media.js

CWE-79
File Location: lib/web/tiny_mce/plugins/media/js/media.js:74
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- get('filebrowsercontainer').innerHTML = getBrowserHTML('filebrowser','src','media','media');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L670

Insecure DOM Manipulation (XSS) in editor_plugin_src.js

CWE-79
File Location: lib/web/tiny_mce/plugins/paste/editor_plugin_src.js:670
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- val = p.innerHTML.replace(/<\/?\w+[^>]*>/gi, '').replace(/&nbsp;/g, '\u00a0');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L734

Insecure DOM Manipulation (XSS) in editor_plugin_src.js

CWE-79
File Location: lib/web/tiny_mce/plugins/paste/editor_plugin_src.js:734
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- o.node.innerHTML = html.replace(/__MCE_ITEM__/g, '');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L340

Insecure DOM Manipulation (XSS) in editor_plugin_src.js

CWE-79
File Location: lib/web/tiny_mce/plugins/spellchecker/editor_plugin_src.js:340
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- var word = wordSpan.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L59

Insecure DOM Manipulation (XSS) in about.js

CWE-79
File Location: lib/web/tiny_mce/themes/advanced/js/about.js:59
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tinyMCEPopup.dom.get('date').innerHTML = tinymce.releaseDate;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L4521

Insecure DOM Manipulation (XSS) in tiny_mce_jquery_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_jquery_src.js:4521
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element.innerHTML = '<br />' + html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L5954

Insecure DOM Manipulation (XSS) in tiny_mce_jquery_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_jquery_src.js:5954
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element2.innerHTML = element2.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L5743

Insecure DOM Manipulation (XSS) in tiny_mce_prototype_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_prototype_src.js:5743
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element.innerHTML = element.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L6896

Insecure DOM Manipulation (XSS) in tiny_mce_prototype_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_prototype_src.js:6896
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<div class='test e'></div><div class='test'></div>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L14153

Insecure DOM Manipulation (XSS) in tiny_mce_prototype_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_prototype_src.js:14153
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- n = sn.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L14154

Insecure DOM Manipulation (XSS) in tiny_mce_prototype_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_prototype_src.js:14154
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- sn.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L6836

Insecure DOM Manipulation (XSS) in tiny_mce_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_src.js:6836
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<p class='TEST'></p>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L14127

Insecure DOM Manipulation (XSS) in tiny_mce_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_src.js:14127
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- n = sn.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L2692

Insecure DOM Manipulation (XSS) in angular.js

CWE-79
File Location: setup/pub/angular/angular.js:2692
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element.innerHTML = value;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L25

Insecure DOM Manipulation (XSS) in angular.min.js

CWE-79
File Location: setup/pub/angular/angular.min.js:25
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- var g=Ba.fn[b],g=g.$original||g;e.$original=g;Ba.fn[b]=e}function M(b){if(b instanceof M)return b;C(b)&&(b=ba(b));if(!(this instanceof M)){if(C(b)&&"<"!=b.charAt(0))throw Eb("nosel");return new M(b)}if(C(b)){var a=b;b=U;var c;if(c=je.exec(a))b=[b.createElement(c[1])];else{var d=b,e;b=d.createDocumentFragment();c=[];if(Fb.test(a)){d=b.appendChild(d.createElement("div"));e=(ke.exec(a)||["",""])[1].toLowerCase();e=ea[e]||ea._default;d.innerHTML="<div>&#160;</div>"+e[1]+a.replace(le,"<$1></$2>")+e[2];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L225

Insecure DOM Manipulation (XSS) in configure.js

CWE-79
File Location: app/code/Magento/Catalog/view/adminhtml/web/catalog/product/composite/configure.js:225
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.blockMsgError.innerHTML = response.message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L217

Insecure DOM Manipulation (XSS) in packaging.js

CWE-79
File Location: app/code/Magento/Shipping/view/adminhtml/web/order/packaging.js:217
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.messages.show().innerHTML = response.message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L9148

Insecure DOM Manipulation (XSS) in swagger-ui.js

CWE-79
File Location: app/code/Magento/Swagger/view/frontend/web/swagger-ui/js/swagger-ui.js:9148
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- docElem.appendChild(div).innerHTML = '<a id=\'' + expando + '\'></a>' +
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L13789

Insecure DOM Manipulation (XSS) in swagger-ui.js

CWE-79
File Location: app/code/Magento/Swagger/view/frontend/web/swagger-ui/js/swagger-ui.js:13789
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L724

Insecure DOM Manipulation (XSS) in qunit-1.14.0.js

CWE-79
File Location: dev/tests/js/JsTestDriver/framework/qunit/qunit-1.14.0.js:724
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- urlConfigContainer.innerHTML = urlConfigHtml;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L4

Insecure DOM Manipulation (XSS) in fotorama.min.js

CWE-79
File Location: lib/web/fotorama/fotorama.min.js:4
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- fotoramaVersion="4.6.4",function(a,b,c,d,e){"use strict";function Ba(a){var b="bez_"+d.makeArray(arguments).join("_").replace(".","p");if("function"!=typeof d.easing[b]){var c=function(a,b){var c=[null,null],d=[null,null],e=[null,null],f=function(f,g){return e[g]=3*a[g],d[g]=3*(b[g]-a[g])-e[g],c[g]=1-e[g]-d[g],f*(e[g]+f*(d[g]+f*c[g]))},g=function(a){return e[0]+a*(2*d[0]+3*c[0]*a)},h=function(a){for(var d,b=a,c=0;++c<14&&(d=f(b,0)-a,!(Math.abs(d)<.001));)b-=d/g(b);return b};return function(a){return f(h(a),1)}};d.easing[b]=function(b,d,e,f,g){return f*c([a[0],a[1]],[a[2],a[3]])(d/g)+e}}return b}function eb(){}function fb(a,b,c){return Math.max(isNaN(b)?-(1/0):b,Math.min(isNaN(c)?1/0:c,a))}function gb(a,b){return a.match(/ma/)&&a.match(/-?\d+(?!d)/g)[a.match(/3d/)?"vertical"===b?13:12:"vertical"===b?5:4]}function hb(a,b){return Ia?+gb(a.css("transform"),b):+a.css("vertical"===b?"top":"left").replace("px","")}function ib(a,b){var c={};if(Ia)switch(b){case"vertical":c.transform="translate3d(0, "+a+"px,0)";break;case"list":break;default:c.transform="translate3d("+a+"px,0,0)"}else"vertical"===b?c.top=a:c.left=a;return c}function jb(a){return{"transition-duration":a+"ms"}}function kb(a,b){return isNaN(a)?b:a}function lb(a,b){return kb(+String(a).replace(b||"px",""))}function mb(a){return/%$/.test(a)?lb(a,"%"):e}function nb(a,b){return kb(mb(a)/100*b,lb(a))}function ob(a){return(!isNaN(lb(a))||!isNaN(lb(a,"%")))&&a}function pb(a,b,c,d){return(a-(d||0))*(b+(c||0))}function qb(a,b,c,d){return-Math.round(a/(b+(c||0))-(d||0))}function rb(a){var b=a.data();if(!b.tEnd){var c=a[0],d={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",msTransition:"MSTransitionEnd",transition:"transitionend"};Rb(c,d[wa.prefixed("transition")],function(a){b.tProp&&a.propertyName.match(b.tProp)&&b.onEndFn()}),b.tEnd=!0}}function sb(a,b,c,d){var e,f=a.data();f&&(f.onEndFn=function(){e||(e=!0,clearTimeout(f.tT),c())},f.tProp=b,clearTimeout(f.tT),f.tT=setTimeout(function(){f.onEndFn()},1.5*d),rb(a))}function tb(a,b){var c=a.navdir||"horizontal";if(a.length){var d=a.data();Ia?(a.css(jb(0)),d.onEndFn=eb,clearTimeout(d.tT)):a.stop();var e=ub(b,function(){return hb(a,c)});return a.css(ib(e,c)),e}}function ub(){for(var a,b=0,c=arguments.length;b<c&&(a=b?arguments[b]():arguments[b],"number"!=typeof a);b++);return a}function vb(a,b){return Math.round(a+(b-a)/1.5)}function wb(){return wb.p=wb.p||("https:"===c.protocol?"https://":"http://"),wb.p}function xb(a){var c=b.createElement("a");return c.href=a,c}function yb(a,b){if("string"!=typeof a)return a;a=xb(a);var c,d;if(a.host.match(/youtube\.com/)&&a.search){if(c=a.search.split("v=")[1]){var e=c.indexOf("&");e!==-1&&(c=c.substring(0,e)),d="youtube"}}else a.host.match(/youtube\.com|youtu\.be/)?(c=a.pathname.replace(/^\/(embed\/|v\/)?/,"").replace(/\/.*/,""),d="youtube"):a.host.match(/vimeo\.com/)&&(d="vimeo",c=a.pathname.replace(/^\/(video\/)?/,"").replace(/\/.*/,""));return c&&d||!b||(c=a.href,d="custom"),!!c&&{id:c,type:d,s:a.search.replace(/^\?/,""),p:wb()}}function zb(a,b,c){var e,f,g=a.video;return"youtube"===g.type?(f=wb()+"img.youtube.com/vi/"+g.id+"/default.jpg",e=f.replace(/\/default.jpg$/,"/hqdefault.jpg"),a.thumbsReady=!0):"vimeo"===g.type?d.ajax({url:wb()+"vimeo.com/api/v2/video/"+g.id+".json",dataType:"jsonp",success:function(d){a.thumbsReady=!0,Ab(b,{img:d[0].thumbnail_large,thumb:d[0].thumbnail_small},a.i,c)}}):a.thumbsReady=!0,{img:e,thumb:f}}function Ab(a,b,c,e){for(var f=0,g=a.length;f<g;f++){var h=a[f];if(h.i===c&&h.thumbsReady){var i={videoReady:!0};i[Xa]=i[Za]=i[Ya]=!1,e.splice(f,1,d.extend({},h,i,b));break}}}function Bb(a){function c(a,b,c){var f=a.children("img").eq(0),g=a.attr("href"),h=a.attr("src"),i=f.attr("src"),j=b.video,k=!!c&&yb(g,j===!0);k?g=!1:k=j,e(a,f,d.extend(b,{video:k,img:b.img||g||h||i,thumb:b.thumb||i||h||g}))}function e(a,b,c){var e=c.thumb&&c.img!==c.thumb,f=lb(c.width||a.attr("width")),g=lb(c.height||a.attr("height"));d.extend(c,{width:f,height:g,thumbratio:Qb(c.thumbratio||lb(c.thumbwidth||b&&b.attr("width")||e||f)/lb(c.thumbheight||b&&b.attr("height")||e||g))})}var b=[];return a.children().each(function(){var a=d(this),f=Pb(d.extend(a.data(),{id:a.attr("id")}));if(a.is("a, img"))c(a,f,!0);else{if(a.is(":empty"))return;e(a,null,d.extend(f,{html:this,_html:a.html()}))}b.push(f)}),b}function Cb(a){return 0===a.offsetWidth&&0===a.offsetHeight}function Db(a){return!d.contains(b.documentElement,a)}function Eb(a,b,c,d){return Eb.i||(Eb.i=1,Eb.ii=[!0]),d=d||Eb.i,"undefined"==typeof Eb.ii[d]&&(Eb.ii[d]=!0),a()?b():Eb.ii[d]&&setTimeout(function(){Eb.ii[d]&&Eb(a,b,c,d)},c||100),Eb.i++}function Fb(a,b){var c=a.data(),d=c.measures;if(d&&(!c.l||c.l.W!==d.width||c.l.H!==d.height||c.l.r!==d.ratio||c.l.w!==b.w||c.l.h!==b.h)){var e=fb(b.h,0,d.height),f=e*d.ratio;$b.setRatio(a,f,e),c.l={W:d.width,H:d.height,r:d.ratio,w:b.w,h:b.h}}return!0}function Gb(a,b){var c=a[0];c.styleSheet?c.styleSheet.cssText=b:a.html(b)}function Hb(a,b,c,d){return b!==c&&("vertical"===d?a<=b?"top":a>=c?"bottom":"top bottom":a<=b?"left":a>=c?"right":"left right")}function Ib(a,b,c){c=c||{},a.each(function(){var f,a=d(this),e=a.data();e.clickOn||(e.clickOn=!0,d.extend(hc(a,{onStart:function(a){f=a,(c.onStart||eb).call(this,a)},onMove:c.onMove||eb,onTouchEnd:c.onTouchEnd||eb,onEnd:function(a){a.moved||b.call(this,f)}}),{noMove:!0}))})}function Jb(a,b){return'<div class="'+a+'">'+(b||"")+"</div>"}function Kb(a){return"."+a}function Lb(a){var b='<iframe src="'+a.p+a.type+".com/embed/"+a.id+'" frameborder="0" allowfullscreen></iframe>';return b}function Mb(a){for(var b=a.length;b;){var c=Math.floor(Math.random()*b--),d=a[b];a[b]=a[c],a[c]=d}return a}function Nb(a){return"[object Array]"==Object.prototype.toString.call(a)&&d.map(a,function(a){return d.extend({},a)})}function Ob(a,b,c){a.scrollLeft(b||0).scrollTop(c||0)}function Pb(a){if(a){var b={};return d.each(a,function(a,c){b[a.toLowerCase()]=c}),b}}function Qb(a){if(a){var b=+a;return isNaN(b)?(b=a.split("/"),+b[0]/+b[1]||e):b}}function Rb(a,b,c,d){b&&(a.addEventListener?a.addEventListener(b,c,!!d):a.attachEvent("on"+b,c))}function Sb(a,b){return a>b.max?a=b.max:a<b.min&&(a=b.min),a}function Tb(a,b,c,d,e,f,g){var h,i,j;return"horizontal"===g?(i=a.thumbwidth,j=f.width()):(i=a.thumbheight,j=f.height()),h=(i+a.margin)*(c+1)>=j-d?"horizontal"===g?-e.position().left:-e.position().top:(i+a.margin)*c<=Math.abs(d)?"horizontal"===g?-e.position().left+j-(i+a.margin):-e.position().top+j-(i+a.margin):d,h=Sb(h,b),h||0}function Ub(a){return!!a.getAttribute("disabled")}function Vb(a,b){return b?{disabled:a}:{tabindex:a*-1+"",disabled:a}}function Wb(a,b){Rb(a,"keyup",function(c){Ub(a)||13==c.keyCode&&b.call(a,c)})}function Xb(a,b){Rb(a,"focus",a.onfocusin=function(c){b.call(a,c)},!0)}function Yb(a,b){a.preventDefault?a.preventDefault():a.returnValue=!1,b&&a.stopPropagation&&a.stopPropagation()}function Zb(a){return a?">":"<"}function _b(a,b){var c=a.data(),e=Math.round(b.pos),f=function(){c&&c.sliding&&(c.sliding=!1),(b.onEnd||eb)()};"undefined"!=typeof b.overPos&&b.overPos!==b.pos&&(e=b.overPos);var g=d.extend(ib(e,b.direction),b.width&&{width:b.width},b.height&&{height:b.height});c&&c.sliding&&(c.sliding=!0),Ia?(a.css(d.extend(jb(b.time),g)),b.time>10?sb(a,"transform",f,b.time):f()):a.stop().animate(g,b.time,_a,f)}function ac(a,b,c,e,f,g){var h="undefined"!=typeof g;if(h||(f.push(arguments),Array.prototype.push.call(arguments,f.length),!(f.length>1))){a=a||d(a),b=b||d(b);var i=a[0],j=b[0],k="crossfade"===e.method,l=function(){if(!l.done){l.done=!0;var a=(h||f.shift())&&f.shift();a&&ac.apply(this,a),(e.onEnd||eb)(!!a)}},m=e.time/(g||1);c.removeClass(P+" "+O),a.stop().addClass(P),b.stop().addClass(O),k&&j&&a.fadeTo(0,0),a.fadeTo(k?m:0,1,k&&l),b.fadeTo(m,0,l),i&&k||j||l()}}function gc(a){var b=(a.touches||[])[0]||a;a._x=b.pageX||b.originalEvent.pageX,a._y=b.clientY||b.originalEvent.clientY,a._now=d.now()}function hc(a,c){function p(a){return i=d(a.target),f.checked=l=m=o=!1,g||f.flow||a.touches&&a.touches.length>1||a.which>1||bc&&bc.type!==a.type&&dc||(l=c.select&&i.is(c.select,e))?l:(k="touchstart"===a.type,m=i.is("a, a *",e),j=f.control,n=f.noMove||f.noSwipe||j?16:f.snap?0:4,gc(a),h=bc=a,cc=a.type.replace(/down|start/,"move").replace(/Down/,"Move"),(c.onStart||eb).call(e,a,{control:j,$target:i}),g=f.flow=!0,void(k&&!f.go||Yb(a)))}function q(a){if(a.touches&&a.touches.length>1||Na&&!a.isPrimary||cc!==a.type||!g)return g&&r(),void(c.onTouchEnd||eb)();gc(a);var b=Math.abs(a._x-h._x),d=Math.abs(a._y-h._y),i=b-d,j=(f.go||f.x||i>=0)&&!f.noSwipe,l=i<0;k&&!f.checked?(g=j)&&Yb(a):(Yb(a),(c.onMove||eb).call(e,a,{touch:k})),!o&&Math.sqrt(Math.pow(b,2)+Math.pow(d,2))>n&&(o=!0),f.checked=f.checked||j||l}function r(a){(c.onTouchEnd||eb)();var b=g;f.control=g=!1,b&&(f.flow=!1),!b||m&&!f.checked||(a&&Yb(a),dc=!0,clearTimeout(ec),ec=setTimeout(function(){dc=!1},1e3),(c.onEnd||eb).call(e,{moved:o,$target:i,control:j,touch:k,startEvent:h,aborted:!a||"MSPointerCancel"===a.type}))}function s(){f.flow||(f.flow=!0)}function t(){f.flow&&(f.flow=!1)}var g,h,i,j,k,l,m,n,o,e=a[0],f={};return Na?(Rb(e,"MSPointerDown",p),Rb(b,"MSPointerMove",q),Rb(b,"MSPointerCancel",r),Rb(b,"MSPointerUp",r)):(Rb(e,"touchstart",p),Rb(e,"touchmove",q),Rb(e,"touchend",r),Rb(b,"touchstart",s),Rb(b,"touchend",t),Rb(b,"touchcancel",t),Ca.on("scroll",t),a.on("mousedown pointerdown",p),Da.on("mousemove pointermove",q).on("mouseup pointerup",r)),fc=wa.touch?"a":"div",a.on("click",fc,function(a){f.checked&&Yb(a)}),f}function ic(a,b){function w(d,e){v=!0,g=h="vertical"===r?d._y:d._x,m=d._now,l=[[m,g]],i=j=f.noMove||e?0:tb(a,(b.getPos||eb)()),(b.onStart||eb).call(c,d)}function x(b,c){o=f.min,p=f.max,q=f.snap,r=f.direction||"horizontal",a.navdir=r,s=b.altKey,v=u=!1,t=c.control,t||e.sliding||w(b)}function y(d,e){f.noSwipe||(v||w(d),h="vertical"===r?d._y:d._x,l.push([d._now,h]),j=i-(g-h),k=Hb(j,o,p,r),j<=o?j=vb(j,o):j>=p&&(j=vb(j,p)),f.noMove||(a.css(ib(j,r)),u||(u=!0,e.touch||Na||a.addClass(ea)),(b.onMove||eb).call(c,d,{pos:j,edge:k})))}function z(e){if(!f.noSwipe||!e.moved){v||w(e.startEvent,!0),e.touch||Na||a.removeClass(ea),n=d.now();for(var k,m,t,x,y,z,A,B,D,g=n-Pa,u=null,C=Qa,E=b.friction,F=l.length-1;F>=0;F--){if(k=l[F][0],m=Math.abs(k-g),null===u||m<t)u=k,x=l[F][1];else if(u===g||m>t)break;t=m}A=fb(j,o,p);var G=x-h,H=G>=0,I=n-u,J=I>Pa,K=!J&&j!==i&&A===j;q&&(A=fb(Math[K?H?"floor":"ceil":"round"](j/q)*q,o,p),o=p=A),K&&(q||A===j)&&(D=-(G/I),C*=fb(Math.abs(D),b.timeLow,b.timeHigh),y=Math.round(j+D*C/E),q||(A=y),(!H&&y>p||H&&y<o)&&(z=H?o:p,B=y-z,q||(A=z),B=fb(A+.03*B,z-50,z+50),C=Math.abs((j-B)/(D/E)))),C*=s?10:1,(b.onEnd||eb).call(c,d.extend(e,{moved:e.moved||J&&q,pos:j,newPos:A,overPos:B,time:C,dir:r}))}}var g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,c=a[0],e=a.data(),f={};return f=d.extend(hc(b.$wrap,d.extend({},b,{onStart:x,onMove:y,onEnd:z})),f)}function jc(a,b){var e,f,g,c=a[0],h={prevent:{}};return Rb(c,Oa,function(a){var c=a.wheelDeltaY||-1*a.deltaY||0,i=a.wheelDeltaX||-1*a.deltaX||0,j=Math.abs(i)&&!Math.abs(c),k=Zb(i<0),l=f===k,m=d.now(),n=m-g<Pa;f=k,g=m,j&&h.ok&&(!h.prevent[k]||e)&&(Yb(a,!0),e&&l&&n||(b.shift&&(e=!0,clearTimeout(h.t),h.t=setTimeout(function(){e=!1},Ra)),(b.onEnd||eb)(a,b.shift?k:i)))}),h}function kc(){d.each(d.Fotorama.instances,function(a,b){b.index=a})}function lc(a){d.Fotorama.instances.push(a),kc()}function mc(a){d.Fotorama.instances.splice(a.index,1),kc()}var f="fotorama",g="fotorama__fullscreen",h=f+"__wrap",i=h+"--css2",j=h+"--css3",k=h+"--video",l=h+"--fade",m=h+"--slide",n=h+"--no-controls",o=h+"--no-shadows",p=h+"--pan-y",q=h+"--rtl",s=h+"--no-captions",t=h+"--toggle-arrows",u=f+"__stage",v=u+"__frame",w=v+"--video",x=u+"__shaft",y=f+"__grab",z=f+"__pointer",A=f+"__arr",B=A+"--disabled",C=A+"--prev",D=A+"--next",E=f+"__nav",F=E+"-wrap",G=E+"__shaft",H=F+"--vertical",I=F+"--list",J=F+"--horizontal",K=E+"--dots",L=E+"--thumbs",M=E+"__frame",N=f+"__fade",O=N+"-front",P=N+"-rear",Q=f+"__shadow",R=Q+"s",S=R+"--left",T=R+"--right",U=R+"--top",V=R+"--bottom",W=f+"__active",X=f+"__select",Y=f+"--hidden",Z=f+"--fullscreen",$=f+"__fullscreen-icon",_=f+"__error",aa=f+"__loading",ba=f+"__loaded",ca=ba+"--full",da=ba+"--img",ea=f+"__grabbing",fa=f+"__img",ga=fa+"--full",ha=f+"__thumb",ia=ha+"__arr--left",ja=ha+"__arr--right",ka=ha+"-border",la=f+"__html",ma=f+"-video-container",na=f+"__video",oa=na+"-play",pa=na+"-close",qa=f+"_horizontal_ratio",ra=f+"_vertical_ratio",sa=f+"__spinner",ta=sa+"--show",ua=d&&d.fn.jquery.split(".");if(!ua||ua[0]<1||1==ua[0]&&ua[1]<8)throw"Fotorama requires jQuery 1.8 or later and will not run without it.";var va={},wa=function(a,b,c){function y(a){i.cssText=a}function A(a,b){return typeof a===b}function B(a,b){return!!~(""+a).indexOf(b)}function C(a,b){for(var d in a){var e=a[d];if(!B(e,"-")&&i[e]!==c)return"pfx"!=b||e}return!1}function D(a,b,d){for(var e in a){var f=b[a[e]];if(f!==c)return d===!1?a[e]:A(f,"function")?f.bind(d||b):f}return!1}function E(a,b,c){var d=a.charAt(0).toUpperCase()+a.slice(1),e=(a+" "+n.join(d+" ")+d).split(" ");return A(b,"string")||A(b,"undefined")?C(e,b):(e=(a+" "+o.join(d+" ")+d).split(" "),D(e,b,c))}var j,u,x,d="2.8.3",e={},f=b.documentElement,g="modernizr",h=b.createElement(g),i=h.style,l=({}.toString," -webkit- -moz- -o- -ms- ".split(" ")),m="Webkit Moz O ms",n=m.split(" "),o=m.toLowerCase().split(" "),p={},s=[],t=s.slice,v=function(a,c,d,e){var h,i,j,k,l=b.createElement("div"),m=b.body,n=m||b.createElement("body");if(parseInt(d,10))for(;d--;)j=b.createElement("div"),j.id=e?e[d]:g+(d+1),l.appendChild(j);return h=["&#173;",'<style id="s',g,'">',a,"</style>"].join(""),l.id=g,(m?l:n).innerHTML+=h,n.appendChild(l),m||(n.style.background="",n.style.overflow="hidden",k=f.style.overflow,f.style.overflow="hidden",f.appendChild(n)),i=c(l,a),m?l.parentNode.removeChild(l):(n.parentNode.removeChild(n),f.style.overflow=k),!!i},w={}.hasOwnProperty;x=A(w,"undefined")||A(w.call,"undefined")?function(a,b){return b in a&&A(a.constructor.prototype[b],"undefined")}:function(a,b){return w.call(a,b)},Function.prototype.bind||(Function.prototype.bind=function(b){var c=this;if("function"!=typeof c)throw new TypeError;var d=t.call(arguments,1),e=function(){if(this instanceof e){var a=function(){};a.prototype=c.prototype;var f=new a,g=c.apply(f,d.concat(t.call(arguments)));return Object(g)===g?g:f}return c.apply(b,d.concat(t.call(arguments)))};return e}),p.touch=function(){var c;return"ontouchstart"in a||a.DocumentTouch&&b instanceof DocumentTouch?c=!0:v(["@media (",l.join("touch-enabled),("),g,")","{#modernizr{top:9px;position:absolute}}"].join(""),function(a){c=9===a.offsetTop}),c},p.csstransforms3d=function(){var a=!!E("perspective");return a&&"webkitPerspective"in f.style&&v("@media (transform-3d),(-webkit-transform-3d){#modernizr{left:9px;position:absolute;height:3px;}}",function(b,c){a=9===b.offsetLeft&&3===b.offsetHeight}),a},p.csstransitions=function(){return E("transition")};for(var F in p)x(p,F)&&(u=F.toLowerCase(),e[u]=p[F](),s.push((e[u]?"":"no-")+u));return e.addTest=function(a,b){if("object"==typeof a)for(var d in a)x(a,d)&&e.addTest(d,a[d]);else{if(a=a.toLowerCase(),e[a]!==c)return e;b="function"==typeof b?b():b,"undefined"!=typeof enableClasses&&enableClasses&&(f.className+=" "+(b?"":"no-")+a),e[a]=b}return e},y(""),h=j=null,e._version=d,e._prefixes=l,e._domPrefixes=o,e._cssomPrefixes=n,e.testProp=function(a){return C([a])},e.testAllProps=E,e.testStyles=v,e.prefixed=function(a,b,c){return b?E(a,b,c):E(a,"pfx")},e}(a,b),xa={ok:!1,is:function(){return!1},request:function(){},cancel:function(){},event:"",prefix:""},ya="webkit moz o ms khtml".split(" ");if("undefined"!=typeof b.cancelFullScreen)xa.ok=!0;else for(var za=0,Aa=ya.length;za<Aa;za++)if(xa.prefix=ya[za],"undefined"!=typeof b[xa.prefix+"CancelFullScreen"]){xa.ok=!0;break}xa.ok&&(xa.event=xa.prefix+"fullscreenchange",xa.is=function(){switch(this.prefix){case"":return b.fullScreen;case"webkit":return b.webkitIsFullScreen;default:return b[this.prefix+"FullScreen"]}},xa.request=function(a){return""===this.prefix?a.requestFullScreen():a[this.prefix+"RequestFullScreen"]()},xa.cancel=function(a){return""===this.prefix?b.cancelFullScreen():b[this.prefix+"CancelFullScreen"]()});var Ea,Fa,Ca=d(a),Da=d(b),Ga="quirks"===c.hash.replace("#",""),Ha=wa.csstransforms3d,Ia=Ha&&!Ga,Ja=Ha||"CSS1Compat"===b.compatMode,Ka=xa.ok,La=navigator.userAgent.match(/Android|webOS|iPhone|iPad|iPod|BlackBerry|Windows Phone/i),Ma=!Ia||La,Na=navigator.msPointerEnabled,Oa="onwheel"in b.createElement("div")?"wheel":b.onmousewheel!==e?"mousewheel":"DOMMouseScroll",Pa=250,Qa=300,Ra=1400,Sa=5e3,Ta=2,Ua=64,Va=500,Wa=333,Xa="$stageFrame",Ya="$navDotFrame",Za="$navThumbFrame",$a="auto",_a=Ba([.1,0,.25,1]),ab=1200,bb=1,cb={width:null,minwidth:null,maxwidth:"100%",height:null,minheight:null,maxheight:null,ratio:null,margin:Ta,nav:"dots",navposition:"bottom",navwidth:null,thumbwidth:Ua,thumbheight:Ua,thumbmargin:Ta,thumbborderwidth:Ta,allowfullscreen:!1,transition:"slide",clicktransition:null,transitionduration:Qa,captions:!0,startindex:0,loop:!1,autoplay:!1,stopautoplayontouch:!0,keyboard:!1,arrows:!0,click:!0,swipe:!1,trackpad:!1,shuffle:!1,direction:"ltr",shadows:!0,showcaption:!0,navdir:"horizontal",navarrows:!0,navtype:"thumbs"},db={left:!0,right:!0,down:!0,up:!0,space:!1,home:!1,end:!1};Eb.stop=function(a){Eb.ii[a]=!1};var bc,cc,dc,ec,fc,$b=function(){function a(a,b,c){var d=b/c;d<=1?(a.parent().removeClass(qa),a.parent().addClass(ra)):(a.parent().removeClass(ra),a.parent().addClass(qa))}function b(a,b,c){var f=c;a.attr(f)||a.attr(f)===e||a.attr(f,b),a.find("["+f+"]").length&&a.find("["+f+"]").each(function(){d(this).attr(f,b)})}function c(a,b,c){var e,d=!1;return e=a.showCaption===c||a.showCaption===!0,!!b&&(a.caption&&e&&(d=!0),d)}return{setRatio:a,setThumbAttr:b,isExpectedCaption:c}}($b||{},jQuery);jQuery.Fotorama=function(c,r){function Yc(){d.each(ea,function(a,b){if(!b.i){b.i=ha++;var c=yb(b.video,!0);if(c){var d={};b.video=c,b.img||b.thumb?b.thumbsReady=!0:d=zb(b,ea,N),Ab(ea,{img:d.img,thumb:d.thumb},b.i,N)}}})}function Zc(a){return Dc[a]}function $c(){if(ya!==e)if("vertical"==r.navdir){var a=r.thumbwidth+r.thumbmargin;ya.css("left",a),Ha.css("right",a),vb.css("right",a),wa.css("width",wa.css("width")+a),Aa.css("max-width",wa.width()-a)}else ya.css("left",""),Ha.css("right",""),vb.css("right",""),wa.css("width",wa.css("width")+a),Aa.css("max-width","")}function _c(a){var j,b="keydown."+f,c=f+O,e="keydown."+c,h="keyup."+c,i="resize."+c+" orientationchange."+c;a?(Da.on(e,function(a){var b,c;bc&&27===a.keyCode?(b=!0,Vd(bc,!0,!0)):(N.fullScreen||r.keyboard&&!N.index)&&(27===a.keyCode?(b=!0,N.cancelFullScreen()):a.shiftKey&&32===a.keyCode&&Zc("space")||37===a.keyCode&&Zc("left")||38===a.keyCode&&Zc("up")&&d(":focus").attr("data-gallery-role")?(N.longPress.progress(),c="<"):32===a.keyCode&&Zc("space")||39===a.keyCode&&Zc("right")||40===a.keyCode&&Zc("down")&&d(":focus").attr("data-gallery-role")?(N.longPress.progress(),c=">"):36===a.keyCode&&Zc("home")?(N.longPress.progress(),c="<<"):35===a.keyCode&&Zc("end")&&(N.longPress.progress(),c=">>")),(b||c)&&Yb(a),j={index:c,slow:a.altKey,user:!0},c&&(N.longPress.inProgress?N.showWhileLongPress(j):N.show(j))}),a&&Da.on(h,function(a){N.longPress.inProgress&&N.showEndLongPress({user:!0}),N.longPress.reset()}),N.index||Da.off(b).on(b,"textarea, input, select",function(a){!Fa.hasClass(g)&&a.stopPropagation()}),Ca.on(i,N.resize)):(Da.off(e),Ca.off(i))}function ad(a){a!==ad.f&&(a?(c.addClass(f+" "+P).before(va).before(ua),lc(N)):(va.detach(),ua.detach(),c.html(qa.urtext).removeClass(P),mc(N)),_c(a),ad.f=a)}function bd(){ea=N.data=ea||Nb(r.data)||Bb(c),ra=N.size=ea.length,ee.ok&&r.shuffle&&Mb(ea),Yc(),cc=id(cc),ra&&ad(!0)}function cd(){var a=ra<2||bc;Hc.noMove=a||wc,Hc.noSwipe=a||!r.swipe,!Ac&&Aa.toggleClass(y,!r.click&&!Hc.noMove&&!Hc.noSwipe),Na&&wa.toggleClass(p,!Hc.noSwipe)}function dd(a){a===!0&&(a=""),r.autoplay=Math.max(+a||Sa,1.5*zc)}function ed(a){a.navarrows&&"thumbs"===a.nav?(rb.show(),sb.show()):(rb.hide(),sb.hide())}function fd(a,b){return Math.floor(wa.width()/(b.thumbwidth+b.thumbmargin))}function gd(){function b(b,c){a[b?"add":"remove"].push(c)}r.nav&&"dots"!==r.nav||(r.navdir="horizontal"),N.options=r=Pb(r),bb=fd(wa,r),wc="crossfade"===r.transition||"dissolve"===r.transition,qc=r.loop&&(ra>2||wc&&(!Ac||"slide"!==Ac)),zc=+r.transitionduration||Qa,Cc="rtl"===r.direction,Dc=d.extend({},r.keyboard&&db,r.keyboard),ed(r);var a={add:[],remove:[]};ra>1?(rc=r.nav,tc="top"===r.navposition,a.remove.push(X),La.toggle(r.arrows)):(rc=!1,La.hide()),Ad(),Cd(),Bd(),r.autoplay&&dd(r.autoplay),xc=lb(r.thumbwidth)||Ua,yc=lb(r.thumbheight)||Ua,Ic.ok=Kc.ok=r.trackpad&&!Ma,cd(),Kd(r,[Fc]),sc="thumbs"===rc,Oa.filter(":hidden")&&rc&&Oa.show(),sc?(td(ra,"navThumb"),_a=eb,Vc=Za,Gb(ua,d.Fotorama.jst.style({w:xc,h:yc,b:r.thumbborderwidth,m:r.thumbmargin,s:O,q:!Ja})),Ra.addClass(L).removeClass(K)):"dots"===rc?(td(ra,"navDot"),_a=cb,Vc=Ya,Ra.addClass(K).removeClass(L)):(Oa.hide(),rc=!1,Ra.removeClass(L+" "+K)),rc&&(tc?Oa.insertBefore(ya):Oa.insertAfter(ya),xd.nav=!1,xd(_a,Ta,"nav")),uc=r.allowfullscreen,uc?(vb.prependTo(ya),vc=Ka&&"native"===uc):(vb.detach(),vc=!1),b(wc,l),b(!wc,m),b(!r.captions,s),b(Cc,q),b(r.arrows,t),Bc=r.shadows&&!Ma,b(!Bc,o),wa.addClass(a.add.join(" ")).removeClass(a.remove.join(" ")),Ec=d.extend({},r),$c()}function hd(a){return a<0?(ra+a%ra)%ra:a>=ra?a%ra:a}function id(a){return fb(a,0,ra-1)}function jd(a){return qc?hd(a):id(a)}function kd(a){return!!(a>0||qc)&&a-1}function ld(a){return!!(a<ra-1||qc)&&a+1}function md(){Hc.min=qc?-(1/0):-pb(ra-1,Fc.w,r.margin,fc),Hc.max=qc?1/0:-pb(0,Fc.w,r.margin,fc),Hc.snap=Fc.w+r.margin}function nd(){var a="vertical"===r.navdir,b=a?Ta.height():Ta.width(),c=a?Fc.h:Fc.nw;Jc.min=Math.min(0,c-b),Jc.max=0,Jc.direction=r.navdir,Ta.toggleClass(y,!(Jc.noMove=Jc.min===Jc.max))}function od(a,b,c){if("number"==typeof a){a=new Array(a);var e=!0}return d.each(a,function(a,d){if(e&&(d=a),"number"==typeof d){var f=ea[hd(d)];if(f){var g="$"+b+"Frame",h=f[g];c.call(this,a,d,f,h,g,h&&h.data())}}})}function pd(a,b,c,d){(!Gc||"*"===Gc&&d===pc)&&(a=ob(r.width)||ob(a)||Va,b=ob(r.height)||ob(b)||Wa,N.resize({width:a,ratio:r.ratio||c||a/b},0,d!==pc&&"*"))}function qd(a,b,c,e){od(a,b,function(a,f,g,h,i,j){function s(a){var b=hd(f);Ld(a,{index:b,src:p,frame:ea[b]})}function t(){m.remove(),d.Fotorama.cache[p]="error",g.html&&"stage"===b||!q||q===p?(!p||g.html||k?"stage"===b&&(h.trigger("f:load").removeClass(aa+" "+_).addClass(ba),s("load"),pd()):(h.trigger("f:error").removeClass(aa).addClass(_),s("error")),j.state="error",!(ra>1&&ea[f]===g)||g.html||g.deleted||g.video||k||(g.deleted=!0,N.splice(f,1))):(g[o]=p=q,j.$full=null,qd([f],b,c,!0))}function u(){d.Fotorama.measures[p]=n.measures=d.Fotorama.measures[p]||{width:l.width,height:l.height,ratio:l.width/l.height},pd(n.measures.width,n.measures.height,n.measures.ratio,f),m.off("load error").addClass(""+(k?ga:fa)).attr("aria-hidden","false").prependTo(h),h.hasClass(v)&&!h.hasClass(ma)&&h.attr("href",m.attr("src")),Fb(m,(d.isFunction(c)?c():c)||Fc),d.Fotorama.cache[p]=j.state="loaded",setTimeout(function(){h.trigger("f:load").removeClass(aa+" "+_).addClass(ba+" "+(k?ca:da)),"stage"===b?s("load"):(g.thumbratio===$a||!g.thumbratio&&r.thumbratio===$a)&&(g.thumbratio=n.measures.ratio,ce())},0)}function w(){var a=10;Eb(function(){return!Tc||!a--&&!Ma},function(){u()})}if(h){var k=N.fullScreen&&!j.$full&&"stage"===b;if(!j.$img||e||k){var l=new Image,m=d(l),n=m.data();j[k?"$full":"$img"]=m;var o="stage"===b?k?"full":"img":"thumb",p=g[o],q=k?g.img:g["stage"===b?"thumb":"img"];if("navThumb"===b&&(h=j.$wrap),!p)return void t();d.Fotorama.cache[p]?!function a(){"error"===d.Fotorama.cache[p]?t():"loaded"===d.Fotorama.cache[p]?setTimeout(w,0):setTimeout(a,100)}():(d.Fotorama.cache[p]="*",m.on("load",w).on("error",t)),j.state="",l.src=p,j.data.caption&&(l.alt=j.data.caption||""),j.data.full&&d(l).data("original",j.data.full),$b.isExpectedCaption(g,r.showcaption)&&d(l).attr("aria-labelledby",g.labelledby)}}})}function rd(){var a=dc[Xa];a&&!a.data().state&&(Ub.addClass(ta),a.on("f:load f:error",function(){a.off("f:load f:error"),Ub.removeClass(ta)}))}function sd(a){Wb(a,_d),Xb(a,function(){setTimeout(function(){Ob(Ra)},0),Fd({time:zc,guessIndex:d(this).data().eq,minMax:Jc})})}function td(a,b){od(a,b,function(a,c,e,f,g,h){if(!f){f=e[g]=wa[g].clone(),h=f.data(),h.data=e;var i=f[0],j="labelledby"+d.now();"stage"===b?(e.html&&d('<div class="'+la+'"></div>').append(e._html?d(e.html).removeAttr("id").html(e._html):e.html).appendTo(f),e.id&&(j=e.id||j),e.labelledby=j,$b.isExpectedCaption(e,r.showcaption)&&d(d.Fotorama.jst.frameCaption({caption:e.caption,labelledby:j})).appendTo(f),e.video&&f.addClass(w).append(xb.clone()),Xb(i,function(){setTimeout(function(){Ob(ya)},0),Yd({index:h.eq,user:!0})}),Ba=Ba.add(f)):"navDot"===b?(sd(i),cb=cb.add(f)):"navThumb"===b&&(sd(i),h.$wrap=f.children(":first"),eb=eb.add(f),e.video&&h.$wrap.append(xb.clone()))}})}function ud(a,b){return a&&a.length&&Fb(a,b)}function vd(a){od(a,"stage",function(a,b,c,e,f,g){if(e){var h=hd(b);g.eq=h,Rc[Xa][h]=e.css(d.extend({left:wc?0:pb(b,Fc.w,r.margin,fc)},wc&&jb(0))),Db(e[0])&&(e.appendTo(Aa),Vd(c.$video)),ud(g.$img,Fc),ud(g.$full,Fc),!e.hasClass(v)||"false"===e.attr("aria-hidden")&&e.hasClass(W)||e.attr("aria-hidden","true")}})}function wd(a,b){var c,e;"thumbs"!==rc||isNaN(a)||(c=-a,e=-a+Fc.nw,"vertical"===r.navdir&&(a-=r.thumbheight,e=-a+Fc.h),eb.each(function(){var a=d(this),f=a.data(),g=f.eq,h=function(){return{h:yc,w:f.w}},i=h(),j="vertical"===r.navdir?f.t>e:f.l>e;i.w=f.w,f.l+f.w<c||j||ud(f.$img,i)||b&&qd([g],"navThumb",h)}))}function xd(a,b,c){if(!xd[c]){var e="nav"===c&&sc,f=0,g=0;b.append(a.filter(function(){for(var a,b=d(this),c=b.data(),e=0,f=ea.length;e<f;e++)if(c.data===ea[e]){a=!0,c.eq=e;break}return a||b.remove()&&!1}).sort(function(a,b){return d(a).data().eq-d(b).data().eq}).each(function(){var a=d(this),b=a.data();$b.setThumbAttr(a,b.data.caption,"aria-label")}).each(function(){if(e){var a=d(this),b=a.data(),c=Math.round(yc*b.data.thumbratio)||xc,h=Math.round(xc/b.data.thumbratio)||yc;b.t=g,b.h=h,b.l=f,b.w=c,a.css({width:c}),g+=h+r.thumbmargin,f+=c+r.thumbmargin}})),xd[c]=!0}}function yd(a){return a-Wc>Fc.w/3}function zd(a){return!(qc||cc+a&&cc-ra+a||bc)}function Ad(){var a=zd(0),b=zd(1);Ga.toggleClass(B,a).attr(Vb(a,!1)),Ha.toggleClass(B,b).attr(Vb(b,!1))}function Bd(){var a=!1,b=!1;if("thumbs"!==r.navtype||r.loop||(a=0==cc,b=cc==r.data.length-1),"slides"===r.navtype){var c=hb(Ta,r.navdir);a=c>=Jc.max,b=c<=Jc.min}rb.toggleClass(B,a).attr(Vb(a,!0)),sb.toggleClass(B,b).attr(Vb(b,!0))}function Cd(){Ic.ok&&(Ic.prevent={"<":zd(0),">":zd(1)})}function Dd(a){var c,d,e,f,b=a.data();sc?(c=b.l,d=b.t,e=b.w,f=b.h):(c=a.position().left,e=a.width());var g={c:c+e/2,min:-c+10*r.thumbmargin,max:-c+Fc.w-e-10*r.thumbmargin},h={c:d+f/2,min:-d+10*r.thumbmargin,max:-d+Fc.h-f-10*r.thumbmargin};return"vertical"===r.navdir?h:g}function Ed(a){var b=dc[Vc].data();_b(mb,{time:1.2*a,pos:"vertical"===r.navdir?b.t:b.l,width:b.w,height:b.h,direction:r.navdir})}function Fd(a){var d,e,f,g,h,i,j,k,b=ea[a.guessIndex][Vc],c=r.navtype;b&&("thumbs"===c?(d=Jc.min!==Jc.max,f=a.minMax||d&&Dd(dc[Vc]),g=d&&(a.keep&&Fd.t?Fd.l:fb((a.coo||Fc.nw/2)-Dd(b).c,f.min,f.max)),h=d&&(a.keep&&Fd.l?Fd.l:fb((a.coo||Fc.nw/2)-Dd(b).c,f.min,f.max)),i="vertical"===r.navdir?g:h,j=d&&fb(i,Jc.min,Jc.max)||0,e=1.1*a.time,_b(Ta,{time:e,pos:j,direction:r.navdir,onEnd:function(){wd(j,!0),Bd()}}),Ud(Ra,Hb(j,Jc.min,Jc.max,r.navdir)),Fd.l=i):(k=hb(Ta,r.navdir),e=1.11*a.time,j=Tb(r,Jc,a.guessIndex,k,b,Oa,r.navdir),_b(Ta,{time:e,pos:j,direction:r.navdir,onEnd:function(){wd(j,!0),Bd()}}),Ud(Ra,Hb(j,Jc.min,Jc.max,r.navdir))))}function Gd(){Hd(Vc),Qc[Vc].push(dc[Vc].addClass(W).attr("data-active",!0))}function Hd(a){for(var b=Qc[a];b.length;)b.shift().removeClass(W).attr("data-active",!1)}function Id(a){var b=Rc[a];d.each(ec,function(a,c){delete b[hd(c)]}),d.each(b,function(a,c){delete b[a],c.detach()})}function Jd(a){fc=gc=cc;var b=dc[Xa];b&&(Hd(Xa),Qc[Xa].push(b.addClass(W).attr("data-active",!0)),b.hasClass(v)&&b.attr("aria-hidden","false"),a||N.showStage.onEnd(!0),tb(Aa,0,!0),Id(Xa),vd(ec),md(),nd(),Wb(Aa[0],function(){c.hasClass(Z)||(N.requestFullScreen(),vb.focus())}))}function Kd(a,b){a&&d.each(b,function(b,c){c&&d.extend(c,{width:a.width||c.width,height:a.height,minwidth:a.minwidth,maxwidth:a.maxwidth,minheight:a.minheight,maxheight:a.maxheight,ratio:Qb(a.ratio)})})}function Ld(a,b){c.trigger(f+":"+a,[N,b])}function Md(){clearTimeout(Nd.t),Tc=1,r.stopautoplayontouch?N.stopAutoplay():Oc=!0}function Nd(){Tc&&(r.stopautoplayontouch||(Od(),Pd()),Nd.t=setTimeout(function(){Tc=0},Qa+Pa))}function Od(){Oc=!(!bc&&!Pc)}function Pd(){if(clearTimeout(Pd.t),Eb.stop(Pd.w),!r.autoplay||Oc)return void(N.autoplay&&(N.autoplay=!1,Ld("stopautoplay")));N.autoplay||(N.autoplay=!0,Ld("startautoplay"));var a=cc,b=dc[Xa].data();Pd.w=Eb(function(){return b.state||a!==cc},function(){Pd.t=setTimeout(function(){if(!Oc&&a===cc){var b=oc,c=ea[b][Xa].data();Pd.w=Eb(function(){return c.state||b!==oc},function(){Oc||b!==oc||N.show(qc?Zb(!Cc):oc)})}},r.autoplay)})}function Qd(a){var b;return"object"!=typeof a?(b=a,a={}):b=a.index,b=">"===b?gc+1:"<"===b?gc-1:"<<"===b?0:">>"===b?ra-1:b,b=isNaN(b)?e:b,b="undefined"==typeof b?cc||0:b}function Rd(a){N.activeIndex=cc=jd(a),kc=kd(cc),nc=ld(cc),oc=hd(cc+(Cc?-1:1)),ec=[cc,kc,nc],gc=qc?a:cc}function Sd(a){var b=Math.abs(hc-gc),c=ub(a.time,function(){return Math.min(zc*(1+(b-1)/12),2*zc)});return a.slow&&(c*=10),c}function Td(){N.fullScreen&&(N.fullScreen=!1,Ka&&xa.cancel(Q),Fa.removeClass(g),Ea.removeClass(g),c.removeClass(Z).insertAfter(va),Fc=d.extend({},Sc),Vd(bc,!0,!0),$d("x",!1),N.resize(),qd(ec,"stage"),Ob(Ca,Mc,Lc),Ld("fullscreenexit"))}function Ud(a,b){Bc&&(a.removeClass(S+" "+T),a.removeClass(U+" "+V),b&&!bc&&a.addClass(b.replace(/^|\s/g," "+R+"--")))}function Vd(a,b,c){b&&(wa.removeClass(k),bc=!1,cd()),a&&a!==bc&&(a.remove(),Ld("unloadvideo")),c&&(Od(),Pd())}function Wd(a){wa.toggleClass(n,a)}function Xd(a){if(!Hc.flow){var b=a?a.pageX:Xd.x,c=b&&!zd(yd(b))&&r.click;Xd.p!==c&&ya.toggleClass(z,c)&&(Xd.p=c,Xd.x=b)}}function Yd(a){clearTimeout(Yd.t),r.clicktransition&&r.clicktransition!==r.transition?setTimeout(function(){var b=r.transition;N.setOptions({transition:r.clicktransition}),Ac=b,Yd.t=setTimeout(function(){N.show(a)},10)},0):N.show(a)}function Zd(a,b){var e=a.target,f=d(e);f.hasClass(oa)?N.playVideo():e===wb?N.toggleFullScreen():bc?e===Rb&&Vd(bc,!0,!0):c.hasClass(Z)||N.requestFullScreen()}function $d(a,b){Hc[a]=Jc[a]=b}function _d(a){var b=d(this).data().eq;Yd("thumbs"===r.navtype?{index:b,slow:a.altKey,user:!0,coo:a._x-Ra.offset().left}:{index:b,slow:a.altKey,user:!0})}function ae(a){Yd({index:La.index(this)?">":"<",slow:a.altKey,user:!0})}function be(a){Xb(a,function(){setTimeout(function(){Ob(ya)},0),Wd(!1)})}function ce(){if(bd(),gd(),!ce.i){ce.i=!0;var a=r.startindex;cc=fc=gc=hc=pc=jd(a)||0}if(ra){if(de())return;bc&&Vd(bc,!0),ec=[],Id(Xa),ce.ok=!0,N.show({index:cc,time:0}),N.resize()}else N.destroy()}function de(){if(!de.f===Cc)return de.f=Cc,cc=ra-1-cc,N.reverse(),!0}function ee(){ee.ok&&(ee.ok=!1,Ld("ready"))}Ea=d("html"),Fa=d("body");var ea,ra,_a,bc,dc,ec,fc,gc,hc,kc,nc,oc,pc,qc,rc,sc,tc,uc,vc,wc,xc,yc,zc,Ac,Bc,Cc,Dc,Gc,Lc,Mc,Nc,Oc,Pc,Sc,Tc,Uc,Vc,N=this,O=d.now(),P=f+O,Q=c[0],ha=1,qa=c.data(),ua=d("<style></style>"),va=d(Jb(Y)),wa=c.find(Kb(h)),ya=wa.find(Kb(u)),Aa=(ya[0],c.find(Kb(x))),Ba=d(),Ga=c.find(Kb(C)),Ha=c.find(Kb(D)),La=c.find(Kb(A)),Oa=c.find(Kb(F)),Ra=Oa.find(Kb(E)),Ta=Ra.find(Kb(G)),cb=d(),eb=d(),mb=(Aa.data(),Ta.data(),c.find(Kb(ka))),rb=c.find(Kb(ia)),sb=c.find(Kb(ja)),vb=c.find(Kb($)),wb=vb[0],xb=d(Jb(oa)),Cb=c.find(Kb(pa)),Rb=Cb[0],Ub=c.find(Kb(sa)),cc=!1,Ec={},Fc={},Hc={},Ic={},Jc={},Kc={},Qc={},Rc={},Wc=0,Xc=[];wa[Xa]=d('<div class="'+v+'"></div>'),wa[Za]=d(d.Fotorama.jst.thumb()),wa[Ya]=d(d.Fotorama.jst.dots()),
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L2558

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: lib/web/jquery.js:2558
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<a href='#'></a>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L6254

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: lib/web/jquery.js:6254
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = " <link/><table></table><a href='/a'>a</a><input type='checkbox'/>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L825

Insecure DOM Manipulation (XSS) in knockout.js

CWE-79
File Location: lib/web/knockoutjs/knockout.js:825
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = markup;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L164

Insecure DOM Manipulation (XSS) in accordion.js

CWE-79
File Location: lib/web/mage/adminhtml/accordion.js:164
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.loadingItem.dd.innerHTML = content;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L4

Insecure DOM Manipulation (XSS) in modernizr.2.0.6.js

CWE-79
File Location: lib/web/modernizr/modernizr.2.0.6.js:4
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ;window.Modernizr=function(a,b,c){function C(a,b){var c=a.charAt(0).toUpperCase()+a.substr(1),d=(a+" "+o.join(c+" ")+c).split(" ");return B(d,b)}function B(a,b){for(var d in a)if(k[a[d]]!==c)return b=="pfx"?a[d]:!0;return!1}function A(a,b){return!!~(""+a).indexOf(b)}function z(a,b){return typeof a===b}function y(a,b){return x(n.join(a+";")+(b||""))}function x(a){k.cssText=a}var d="2.0.6",e={},f=!0,g=b.documentElement,h=b.head||b.getElementsByTagName("head")[0],i="modernizr",j=b.createElement(i),k=j.style,l,m=Object.prototype.toString,n=" -webkit- -moz- -o- -ms- -khtml- ".split(" "),o="Webkit Moz O ms Khtml".split(" "),p={},q={},r={},s=[],t=function(a,c,d,e){var f,h,j,k=b.createElement("div");if(parseInt(d,10))while(d--)j=b.createElement("div"),j.id=e?e[d]:i+(d+1),k.appendChild(j);f=["&shy;","<style>",a,"</style>"].join(""),k.id=i,k.innerHTML+=f,g.appendChild(k),h=c(k,a),k.parentNode.removeChild(k);return!!h},u,v={}.hasOwnProperty,w;!z(v,c)&&!z(v.call,c)?w=function(a,b){return v.call(a,b)}:w=function(a,b){return b in a&&z(a.constructor.prototype[b],c)};var D=function(a,c){var d=a.join(""),f=c.length;t(d,function(a,c){var d=b.styleSheets[b.styleSheets.length-1],g=d.cssRules&&d.cssRules[0]?d.cssRules[0].cssText:d.cssText||"",h=a.childNodes,i={};while(f--)i[h[f].id]=h[f];e.csstransforms3d=i.csstransforms3d.offsetLeft===9},f,c)}([,["@media (",n.join("transform-3d),("),i,")","{#csstransforms3d{left:9px;position:absolute}}"].join("")],[,"csstransforms3d"]);p.csstransforms=function(){return!!B(["transformProperty","WebkitTransform","MozTransform","OTransform","msTransform"])},p.csstransforms3d=function(){var a=!!B(["perspectiveProperty","WebkitPerspective","MozPerspective","OPerspective","msPerspective"]);a&&"webkitPerspective"in g.style&&(a=e.csstransforms3d);return a};for(var E in p)w(p,E)&&(u=E.toLowerCase(),e[u]=p[E](),s.push((e[u]?"":"no-")+u));x(""),j=l=null,e._version=d,e._prefixes=n,e._domPrefixes=o,e.testProp=function(a){return B([a])},e.testAllProps=C,e.testStyles=t,e.prefixed=function(a){return C(a,"pfx")},g.className=g.className.replace(/\bno-js\b/,"")+(f?" js "+s.join(" "):"");return e}(this,this.document);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L20

Insecure DOM Manipulation (XSS) in modernizr.details.js

CWE-79
File Location: lib/web/modernizr/modernizr.details.js:20
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = '<summary>a</summary>b';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L778

Insecure DOM Manipulation (XSS) in window.js

CWE-79
File Location: lib/web/prototype/window.js:778
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- var size = WindowUtilities._computeSize(this.content.innerHTML, this.content.id, this.width, this.height, 0, this.options.className)
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L58

Insecure DOM Manipulation (XSS) in builder.js

CWE-79
File Location: lib/web/scriptaculous/builder.js:58
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- parentElement.innerHTML = "<" +elementName + " " +
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L2594

Insecure DOM Manipulation (XSS) in Editor.js

CWE-79
File Location: lib/web/tiny_mce/classes/Editor.js:2594
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- content = self.getBody().innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L539

Insecure DOM Manipulation (XSS) in ForceBlocks.js

CWE-79
File Location: lib/web/tiny_mce/classes/ForceBlocks.js:539
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- e.innerHTML = isOpera ? '\u00a0' : '<br />'; // Extra space for Opera so that the caret can move there
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L196

Insecure DOM Manipulation (XSS) in Selection.js

CWE-79
File Location: lib/web/tiny_mce/classes/dom/Selection.js:196
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- doc.body.innerHTML = content;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L201

Insecure DOM Manipulation (XSS) in Selection.js

CWE-79
File Location: lib/web/tiny_mce/classes/dom/Selection.js:201
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- doc.body.innerHTML = content;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L289

Insecure DOM Manipulation (XSS) in Serializer.js

CWE-79
File Location: lib/web/tiny_mce/classes/dom/Serializer.js:289
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- content = node.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L63

Insecure DOM Manipulation (XSS) in image.js

CWE-79
File Location: lib/web/tiny_mce/plugins/advimage/js/image.js:63
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('srcbrowsercontainer').innerHTML = getBrowserHTML('srcbrowser','src','image','theme_advanced_image');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L47

Insecure DOM Manipulation (XSS) in advlink.js

CWE-79
File Location: lib/web/tiny_mce/plugins/advlink/js/advlink.js:47
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById("anchorlistcontainer").innerHTML = html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L204

Insecure DOM Manipulation (XSS) in fullpage.js

CWE-79
File Location: lib/web/tiny_mce/plugins/fullpage/js/fullpage.js:204
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('bgimage_pickcontainer').innerHTML = getBrowserHTML('bgimage_browser','bgimage','image','fullpage');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L215

Insecure DOM Manipulation (XSS) in editor_plugin_src.js

CWE-79
File Location: lib/web/tiny_mce/plugins/spellchecker/editor_plugin_src.js:215
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- if (!w || dom.decode(n.innerHTML) == w)
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L41

Insecure DOM Manipulation (XSS) in props.js

CWE-79
File Location: lib/web/tiny_mce/plugins/style/js/props.js:41
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('border_color_right_pickcontainer').innerHTML = getColorPickerHTML('border_color_right_pick','border_color_right');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L25

Insecure DOM Manipulation (XSS) in editor_plugin_src.js

CWE-79
File Location: lib/web/tiny_mce/plugins/table/editor_plugin_src.js:25
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return elm.innerHTML.replace(/<(br|img|object|embed|input|textarea)[^>]*>/gi, '-').replace(/<[^>]+>/g, '').length == 0;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L183

Insecure DOM Manipulation (XSS) in editor_plugin_src.js

CWE-79
File Location: lib/web/tiny_mce/plugins/table/editor_plugin_src.js:183
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = '<br data-mce-bogus="1" />';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L11

Insecure DOM Manipulation (XSS) in cell.js

CWE-79
File Location: lib/web/tiny_mce/plugins/table/js/cell.js:11
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('bgcolor_pickcontainer').innerHTML = getColorPickerHTML('bgcolor_pick','bgcolor')
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L7

Insecure DOM Manipulation (XSS) in row.js

CWE-79
File Location: lib/web/tiny_mce/plugins/table/js/row.js:7
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('bgcolor_pickcontainer').innerHTML = getColorPickerHTML('bgcolor_pick','bgcolor');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L95

Insecure DOM Manipulation (XSS) in table.js

CWE-79
File Location: lib/web/tiny_mce/plugins/table/js/table.js:95
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- capEl.innerHTML = '<br data-mce-bogus="1"/>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L290

Insecure DOM Manipulation (XSS) in table.js

CWE-79
File Location: lib/web/tiny_mce/plugins/table/js/table.js:290
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('backgroundimagebrowsercontainer').innerHTML = getBrowserHTML('backgroundimagebrowser','backgroundimage','image','table');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L357

Insecure DOM Manipulation (XSS) in charmap.js

CWE-79
File Location: lib/web/tiny_mce/themes/advanced/js/charmap.js:357
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elmV.innerHTML = '&' + codeA;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L15

Insecure DOM Manipulation (XSS) in image.js

CWE-79
File Location: lib/web/tiny_mce/themes/advanced/js/image.js:15
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('srcbrowsercontainer').innerHTML = getBrowserHTML('srcbrowser','src','image','theme_advanced_image');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L4531

Insecure DOM Manipulation (XSS) in tiny_mce_jquery_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_jquery_src.js:4531
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element.innerHTML = html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L6677

Insecure DOM Manipulation (XSS) in tiny_mce_jquery_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_jquery_src.js:6677
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- doc.body.innerHTML = content;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L4298

Insecure DOM Manipulation (XSS) in tiny_mce_prototype_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_prototype_src.js:4298
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element.innerHTML = '<br />' + html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1272

Insecure DOM Manipulation (XSS) in tiny_mce_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_src.js:1272
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elm.innerHTML = text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L5712

Insecure DOM Manipulation (XSS) in tiny_mce_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_src.js:5712
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element2.innerHTML = element2.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L7510

Insecure DOM Manipulation (XSS) in tiny_mce_src.js

CWE-79
File Location: lib/web/tiny_mce/tiny_mce_src.js:7510
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- doc.body.innerHTML = content;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L2265

Insecure DOM Manipulation (XSS) in angular.js

CWE-79
File Location: setup/pub/angular/angular.js:2265
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmp.innerHTML = '<div>&#160;</div>' +
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L111

Insecure DOM Manipulation (XSS) in msrp.js

CWE-79
File Location: app/code/Magento/Msrp/view/base/web/js/msrp.js:111
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $infoPopup = $(infoPopupDOM.innerHTML.trim());
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L13465

Insecure DOM Manipulation (XSS) in swagger-ui.js

CWE-79
File Location: app/code/Magento/Swagger/view/frontend/web/swagger-ui/js/swagger-ui.js:13465
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elem.innerHTML = value;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L209

Insecure DOM Manipulation (XSS) in ext-tree.js

CWE-79
File Location: lib/web/extjs/ext-tree.js:209
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- Ext.tree.TreeNodeUI=function(_1){this.node=_1;this.rendered=false;this.animating=false;this.emptyIcon=Ext.BLANK_IMAGE_URL;};Ext.tree.TreeNodeUI.prototype={removeChild:function(_2){if(this.rendered){this.ctNode.removeChild(_2.ui.getEl());}},beforeLoad:function(){this.addClass("x-tree-node-loading");},afterLoad:function(){this.removeClass("x-tree-node-loading");},onTextChange:function(_3,_4,_5){if(this.rendered){this.textNode.innerHTML=_4;}},onDisableChange:function(_6,_7){this.disabled=_7;if(_7){this.addClass("x-tree-node-disabled");}else{this.removeClass("x-tree-node-disabled");}},onSelectedChange:function(_8){if(_8){this.focus();this.addClass("x-tree-selected");}else{this.removeClass("x-tree-selected");}},onMove:function(_9,_a,_b,_c,_d,_e){this.childIndent=null;if(this.rendered){var _f=_c.ui.getContainer();if(!_f){this.holder=document.createElement("div");this.holder.appendChild(this.wrap);return;}var _10=_e?_e.ui.getEl():null;if(_10){_f.insertBefore(this.wrap,_10);}else{_f.appendChild(this.wrap);}this.node.renderIndent(true);}},addClass:function(cls){if(this.elNode){Ext.fly(this.elNode).addClass(cls);}},removeClass:function(cls){if(this.elNode){Ext.fly(this.elNode).removeClass(cls);}},remove:function(){if(this.rendered){this.holder=document.createElement("div");this.holder.appendChild(this.wrap);}},fireEvent:function(){return this.node.fireEvent.apply(this.node,arguments);},initEvents:function(){this.node.on("move",this.onMove,this);var E=Ext.EventManager;var a=this.anchor;var el=Ext.fly(a);if(Ext.isOpera){el.setStyle("text-decoration","none");}el.on("click",this.onClick,this);el.on("dblclick",this.onDblClick,this);el.on("contextmenu",this.onContextMenu,this);var _16=Ext.fly(this.iconNode);_16.on("click",this.onClick,this);_16.on("dblclick",this.onDblClick,this);_16.on("contextmenu",this.onContextMenu,this);E.on(this.ecNode,"click",this.ecClick,this,true);if(this.node.disabled){this.addClass("x-tree-node-disabled");}if(this.node.hidden){this.addClass("x-tree-node-disabled");}var ot=this.node.getOwnerTree();var dd=ot.enableDD||ot.enableDrag||ot.enableDrop;if(dd&&(!this.node.isRoot||ot.rootVisible)){Ext.dd.Registry.register(this.elNode,{node:this.node,handles:[this.iconNode,this.textNode],isHandle:false});}},hide:function(){if(this.rendered){this.wrap.style.display="none";}},show:function(){if(this.rendered){this.wrap.style.display="";}},onContextMenu:function(e){e.preventDefault();this.focus();this.fireEvent("contextmenu",this.node,e);},onClick:function(e){if(this.dropping){return;}if(this.fireEvent("beforeclick",this.node,e)!==false){if(!this.disabled&&this.node.attributes.href){this.fireEvent("click",this.node,e);return;}e.preventDefault();if(this.disabled){return;}if(this.node.attributes.singleClickExpand&&!this.animating&&this.node.hasChildNodes()){this.node.toggle();}this.fireEvent("click",this.node,e);}else{e.stopEvent();}},onDblClick:function(e){e.preventDefault();if(this.disabled){return;}if(!this.animating&&this.node.hasChildNodes()){this.node.toggle();}this.fireEvent("dblclick",this.node,e);},ecClick:function(e){if(!this.animating&&this.node.hasChildNodes()){this.node.toggle();}},startDrop:function(){this.dropping=true;},endDrop:function(){setTimeout(function(){this.dropping=false;}.createDelegate(this),50);},expand:function(){this.updateExpandIcon();this.ctNode.style.display="";},focus:function(){if(!this.node.preventHScroll){try{this.anchor.focus();}catch(e){}}else{if(!Ext.isIE){try{var _1d=this.node.getOwnerTree().el.dom;var l=_1d.scrollLeft;this.anchor.focus();_1d.scrollLeft=l;}catch(e){}}}},blur:function(){try{this.anchor.blur();}catch(e){}},animExpand:function(_1f){var ct=Ext.get(this.ctNode);ct.stopFx();if(!this.node.hasChildNodes()){this.updateExpandIcon();this.ctNode.style.display="";Ext.callback(_1f);return;}this.animating=true;this.updateExpandIcon();ct.slideIn("t",{callback:function(){this.animating=false;Ext.callback(_1f);},scope:this,duration:this.node.ownerTree.duration||0.25});},highlight:function(){var _21=this.node.getOwnerTree();Ext.fly(this.wrap).highlight(_21.hlColor||"C3DAF9",{endColor:_21.hlBaseColor});},collapse:function(){this.updateExpandIcon();this.ctNode.style.display="none";},animCollapse:function(_22){var ct=Ext.get(this.ctNode);ct.enableDisplayMode("block");ct.stopFx();this.animating=true;this.updateExpandIcon();ct.slideOut("t",{callback:function(){this.animating=false;Ext.callback(_22);},scope:this,duration:this.node.ownerTree.duration||0.25});},getContainer:function(){return this.ctNode;},getEl:function(){return this.wrap;},appendDDGhost:function(_24){_24.appendChild(this.elNode.cloneNode(true));},getDDRepairXY:function(){return Ext.lib.Dom.getXY(this.iconNode);},onRender:function(){this.render();},render:function(_25){var n=this.node;var _27=n.parentNode?n.parentNode.ui.getContainer():n.ownerTree.container.dom;if(!this.rendered){this.rendered=true;var a=n.attributes;this.indentMarkup="";if(n.parentNode){this.indentMarkup=n.parentNode.ui.getChildIndent();}var buf=["<li class=\"x-tree-node\"><div class=\"x-tree-node-el ",n.attributes.cls,"\">","<span class=\"x-tree-node-indent\">",this.indentMarkup,"</span>","<img src=\"",this.emptyIcon,"\" class=\"x-tree-ec-icon\">","<img src=\"",a.icon||this.emptyIcon,"\" class=\"x-tree-node-icon",(a.icon?" x-tree-node-inline-icon":""),(a.iconCls?" "+a.iconCls:""),"\" unselectable=\"on\">","<a hidefocus=\"on\" href=\"",a.href?a.href:"#","\" tabIndex=\"1\" ",a.hrefTarget?" target=\""+a.hrefTarget+"\"":"","><span unselectable=\"on\">",n.text,"</span></a></div>","<ul class=\"x-tree-node-ct\" style=\"display:none;\"></ul>","</li>"];if(_25!==true&&n.nextSibling&&n.nextSibling.ui.getEl()){this.wrap=Ext.DomHelper.insertHtml("beforeBegin",n.nextSibling.ui.getEl(),buf.join(""));}else{this.wrap=Ext.DomHelper.insertHtml("beforeEnd",_27,buf.join(""));}this.elNode=this.wrap.childNodes[0];this.ctNode=this.wrap.childNodes[1];var cs=this.elNode.childNodes;this.indentNode=cs[0];this.ecNode=cs[1];this.iconNode=cs[2];this.anchor=cs[3];this.textNode=cs[3].firstChild;if(a.qtip){if(this.textNode.setAttributeNS){this.textNode.setAttributeNS("ext","qtip",a.qtip);if(a.qtipTitle){this.textNode.setAttributeNS("ext","qtitle",a.qtipTitle);}}else{this.textNode.setAttribute("ext:qtip",a.qtip);if(a.qtipTitle){this.textNode.setAttribute("ext:qtitle",a.qtipTitle);}}}this.initEvents();if(!this.node.expanded){this.updateExpandIcon();}}else{if(_25===true){_27.appendChild(this.wrap);}}},getAnchor:function(){return this.anchor;},getTextEl:function(){return this.textNode;},getIconEl:function(){return this.iconNode;},updateExpandIcon:function(){if(this.rendered){var n=this.node,c1,c2;var cls=n.isLast()?"x-tree-elbow-end":"x-tree-elbow";var _2f=n.hasChildNodes();if(_2f){if(n.expanded){cls+="-minus";c1="x-tree-node-collapsed";c2="x-tree-node-expanded";}else{cls+="-plus";c1="x-tree-node-expanded";c2="x-tree-node-collapsed";}if(this.wasLeaf){this.removeClass("x-tree-node-leaf");this.wasLeaf=false;}if(this.c1!=c1||this.c2!=c2){Ext.fly(this.elNode).replaceClass(c1,c2);this.c1=c1;this.c2=c2;}}else{if(!this.wasLeaf){Ext.fly(this.elNode).replaceClass("x-tree-node-expanded","x-tree-node-leaf");this.wasLeaf=true;}}var ecc="x-tree-ec-icon "+cls;if(this.ecc!=ecc){this.ecNode.className=ecc;this.ecc=ecc;}}},getChildIndent:function(){if(!this.childIndent){var buf=[];var p=this.node;while(p){if(!p.isRoot||(p.isRoot&&p.ownerTree.rootVisible)){if(!p.isLast()){buf.unshift("<img src=\""+this.emptyIcon+"\" class=\"x-tree-elbow-line\">");}else{buf.unshift("<img src=\""+this.emptyIcon+"\" class=\"x-tree-icon\">");}}p=p.parentNode;}this.childIndent=buf.join("");}return this.childIndent;},renderIndent:function(){if(this.rendered){var _33="";var p=this.node.parentNode;if(p){_33=p.ui.getChildIndent();}if(this.indentMarkup!=_33){this.indentNode.innerHTML=_33;this.indentMarkup=_33;}this.updateExpandIcon();}}};Ext.tree.RootTreeNodeUI=function(){Ext.tree.RootTreeNodeUI.superclass.constructor.apply(this,arguments);};Ext.extend(Ext.tree.RootTreeNodeUI,Ext.tree.TreeNodeUI,{render:function(){if(!this.rendered){var _35=this.node.ownerTree.container.dom;this.node.expanded=true;_35.innerHTML="<div class=\"x-tree-root-node\"></div>";this.wrap=this.ctNode=_35.firstChild;}},collapse:function(){},expand:function(){}});
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L237

Insecure DOM Manipulation (XSS) in ext-tree.js

CWE-79
File Location: lib/web/extjs/ext-tree.js:237
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- Ext.form.Field=function(_1){Ext.form.Field.superclass.constructor.call(this,_1);this.addEvents({focus:true,blur:true,specialkey:true,change:true,invalid:true,valid:true});};Ext.extend(Ext.form.Field,Ext.Component,{invalidClass:"x-form-invalid",invalidText:"The value in this field is invalid",focusClass:"x-form-focus",validationEvent:"keyup",validateOnBlur:true,validationDelay:250,defaultAutoCreate:{tag:"input",type:"text",size:"20",autocomplete:"off"},fieldClass:"x-form-field",msgTarget:"qtip",msgFx:"normal",inputType:undefined,isFormField:true,hasFocus:false,value:undefined,getName:function(){return this.rendered&&this.el.dom.name?this.el.dom.name:(this.hiddenName||"");},applyTo:function(_2){this.target=_2;this.el=Ext.get(_2);this.render(this.el.dom.parentNode);return this;},onRender:function(ct,_4){if(this.el){this.el=Ext.get(this.el);if(!this.target){ct.dom.appendChild(this.el.dom);}}else{var _5=this.getAutoCreate();if(!_5.name){_5.name=this.name||this.id;}if(this.inputType){_5.type=this.inputType;}if(this.tabIndex!==undefined){_5.tabIndex=this.tabIndex;}this.el=ct.createChild(_5,_4);}var _6=this.el.dom.type;if(_6){if(_6=="password"){_6="text";}this.el.addClass("x-form-"+_6);}if(!this.customSize&&(this.width||this.height)){this.setSize(this.width||"",this.height||"");}if(this.readOnly){this.el.dom.readOnly=true;}this.el.addClass([this.fieldClass,this.cls]);this.initValue();},initValue:function(){if(this.value!==undefined){this.setValue(this.value);}else{if(this.el.dom.value.length>0){this.setValue(this.el.dom.value);}}},afterRender:function(){Ext.form.Field.superclass.afterRender.call(this);this.initEvents();},fireKey:function(e){if(e.isNavKeyPress()){this.fireEvent("specialkey",this,e);}},reset:function(){this.setValue(this.originalValue);this.clearInvalid();},initEvents:function(){this.el.on(Ext.isIE?"keydown":"keypress",this.fireKey,this);this.el.on("focus",this.onFocus,this);this.el.on("blur",this.onBlur,this);this.originalValue=this.getValue();},onFocus:function(){if(!Ext.isOpera){this.el.addClass(this.focusClass);}this.hasFocus=true;this.startValue=this.getValue();this.fireEvent("focus",this);},onBlur:function(){this.el.removeClass(this.focusClass);this.hasFocus=false;if(this.validationEvent!==false&&this.validateOnBlur&&this.validationEvent!="blur"){this.validate();}var v=this.getValue();if(v!=this.startValue){this.fireEvent("change",this,v,this.startValue);}this.fireEvent("blur",this);},setSize:function(w,h){if(!this.rendered||!this.el){this.width=w;this.height=h;return;}if(w){w=this.adjustWidth(this.el.dom.tagName,w);this.el.setWidth(w);}if(h){this.el.setHeight(h);}var h=this.el.dom.offsetHeight;},isValid:function(_b){if(this.disabled){return true;}var _c=this.preventMark;this.preventMark=_b===true;var v=this.validateValue(this.getRawValue());this.preventMark=_c;return v;},validate:function(){if(this.disabled||this.validateValue(this.getRawValue())){this.clearInvalid();return true;}return false;},validateValue:function(_e){return true;},markInvalid:function(_f){if(!this.rendered||this.preventMark){return;}this.el.addClass(this.invalidClass);_f=_f||this.invalidText;switch(this.msgTarget){case "qtip":this.el.dom.qtip=_f;this.el.dom.qclass="x-form-invalid-tip";break;case "title":this.el.dom.title=_f;break;case "under":if(!this.errorEl){var elp=this.el.findParent(".x-form-element",5,true);this.errorEl=elp.createChild({cls:"x-form-invalid-msg"});this.errorEl.setWidth(elp.getWidth(true)-20);}this.errorEl.update(_f);Ext.form.Field.msgFx[this.msgFx].show(this.errorEl,this);break;case "side":if(!this.errorIcon){var elp=this.el.findParent(".x-form-element",5,true);this.errorIcon=elp.createChild({cls:"x-form-invalid-icon"});}this.alignErrorIcon();this.errorIcon.dom.qtip=_f;this.errorIcon.dom.qclass="x-form-invalid-tip";this.errorIcon.show();break;default:var t=Ext.getDom(this.msgTarget);t.innerHTML=_f;t.style.display=this.msgDisplay;break;}this.fireEvent("invalid",this,_f);},alignErrorIcon:function(){this.errorIcon.alignTo(this.el,"tl-tr",[2,0]);},clearInvalid:function(){if(!this.rendered||this.preventMark){return;}this.el.removeClass(this.invalidClass);switch(this.msgTarget){case "qtip":this.el.dom.qtip="";break;case "title":this.el.dom.title="";break;case "under":if(this.errorEl){Ext.form.Field.msgFx[this.msgFx].hide(this.errorEl,this);}break;case "side":if(this.errorIcon){this.errorIcon.dom.qtip="";this.errorIcon.hide();}break;default:var t=Ext.getDom(this.msgTarget);t.innerHTML="";t.style.display="none";break;}this.fireEvent("valid",this);},getRawValue:function(){return this.el.getValue();},getValue:function(){var v=this.el.getValue();if(v==this.emptyText||v===undefined){v="";}return v;},setRawValue:function(v){return this.el.dom.value=v;},setValue:function(v){this.value=v;if(this.rendered){this.el.dom.value=v;this.validate();}},adjustWidth:function(tag,w){tag=tag.toLowerCase();if(typeof w=="number"&&Ext.isStrict&&!Ext.isSafari){if(Ext.isIE&&(tag=="input"||tag=="textarea")){if(tag=="input"){return w+2;}if(tag="textarea"){return w-2;}}else{if(Ext.isGecko&&tag=="textarea"){return w-6;}else{if(Ext.isOpera){if(tag=="input"){return w+2;}if(tag="textarea"){return w-2;}}}}}return w;}});Ext.form.Field.msgFx={normal:{show:function(_18,f){_18.setDisplayed("block");},hide:function(_1a,f){_1a.setDisplayed(false).update("");}},slide:{show:function(_1c,f){_1c.slideIn("t",{stopFx:true});},hide:function(_1e,f){_1e.slideOut("t",{stopFx:true,useDisplay:true});}},slideRight:{show:function(_20,f){_20.fixDisplay();_20.alignTo(f.el,"tl-tr");_20.slideIn("l",{stopFx:true});},hide:function(_22,f){_22.slideOut("l",{stopFx:true,useDisplay:true});}}};
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1104

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: lib/web/jquery.js:1104
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<div class='a'></div><div class='a i'></div>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L5468

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: lib/web/jquery.js:5468
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- fragmentDiv.innerHTML = elem.outerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L11970

Insecure DOM Manipulation (XSS) in jquery-ui-1.9.2.js

CWE-79
File Location: lib/web/jquery/jquery-ui-1.9.2.js:11970
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- testElement.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output