• Resolved martin1

    (@martin1)


    Hi,

    I got a code snippet to stop an events/appointment plugin (https://codecanyon.net/item/stachethemes-event-calendar-wordpress-events-calendar-plugin/16168229) from having my browser ask for my location. I added the snippet to the snippets plugin.

    This is the snippet:

    add_action('wp_footer', function() {
        if (wp_script_is('stec-db-js')) {
            ?>
            <script type="text/javascript">
                (function ($) {
                    const myLocation = 'Address'; // default location
                    $(function () {
                        if (typeof $.stecExtend === 'function') {
                            $.stecExtend(function (m) {
                                m.glob.options.myLocation = myLocation;
                            });
                        } else {
                            window.stecSingleOptions.myLocation = myLocation;
                        }
                    });
                })(window.jQuery);
            </script>
            <?php
        }
    });

    Why would Wordfence give me a warning about this? As far as my limited knowledge goes I don’t see anything freaky in the code for WF to be concerned about.

    Under Wordfence > Tools > Live Traffic I now see this warning back:

    blocked by firewall for XSS: Cross Site Scripting in POST body: snippet_code=add_action(‘wp_footer’%2C%20function()%20%7B%0D%0A%20%20%20%20if%20(wp_script_is(‘stec-db-js’))%20%7…

    Any insight would be appreciated.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @martin1 and thanks for reaching out to us!

    The WAF is just mistaking this for a false positive. Right from the entry in the Live Traffic, you should see “Add Param to Allowlist”. This should teach the WAF that this request is normal for your site.

    Let me know if you have any issues!

    Thanks again!
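
Added example, not part of the original thread and not Wordfence's code: a toy request inspector showing why the URL-decoded `snippet_code` value trips a generic XSS signature (it contains a literal `<script` tag) and how an allowlist entry scoped to one path and one parameter suppresses only that match. The signature, the `/wp-admin/admin.php` path and the `snippet_name` parameter are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, quote

# Generic XSS signature (assumption for illustration, not a Wordfence rule).
XSS_SIGNATURE = re.compile(r"<\s*script\b", re.IGNORECASE)

# Constructed sample: a shortened form of the snippet from the post.
SNIPPET = (
    "add_action('wp_footer', function() {\r\n"
    "    if (wp_script_is('stec-db-js')) {\r\n"
    "        ?>\r\n"
    '        <script type="text/javascript">\r\n'
    "        /* ... */\r\n"
    "        </script>\r\n"
    "        <?php\r\n"
    "    }\r\n"
    "});"
)
SAMPLE_PATH = "/wp-admin/admin.php"  # hypothetical request path
# snippet_name is a hypothetical second parameter with harmless content.
SAMPLE_BODY = (
    "snippet_code=" + quote(SNIPPET, safe="") + "&snippet_name=no-geolocation"
)


def inspect_post(path, body, allowlist=frozenset()):
    """Return the names of POST parameters whose decoded value matches.

    allowlist holds (path, parameter) pairs that are exempt from inspection,
    so an entry never disables the signature for other paths or parameters.
    """
    blocked = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if (path, name) in allowlist:
            continue
        if XSS_SIGNATURE.search(value):
            blocked.append(name)
    return blocked


if __name__ == "__main__":
    print("before allowlisting:", inspect_post(SAMPLE_PATH, SAMPLE_BODY))
    entry = {(SAMPLE_PATH, "snippet_code")}
    print("after allowlisting: ", inspect_post(SAMPLE_PATH, SAMPLE_BODY, entry))
```

The match comes from the markup inside the parameter, not from anything the snippet does when it runs, which is why a legitimate admin request that saves PHP/HTML code looks the same to a pattern-based filter as an injected script tag.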

    Thread Starter martin1

    (@martin1)

    Hi,

    Thanks for getting back to me on this. I have marked it as allowed :-).

    I thought it was a weird warning seeing as the code doesn’t seem to be dangerous.

  • The topic ‘Why do I get a warning for this code snippet?’ is closed to new replies.