Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plugin adds jQuery and a bunch of other scripts/styles to the website frontend #57

Open
joelambert opened this issue Nov 2, 2022 · 1 comment
Open

Plugin adds jQuery and a bunch of other scripts/styles to the website frontend #57

joelambert opened this issue Nov 2, 2022 · 1 comment
Labels
bug Something isn't working

Comments

@joelambert
Copy link

Describe the bug

Enabling the plugin adds a load of additional scripts and styles to the frontend website.

wp-security-hardening/modules/scripts.php

Lines 71 to 97 in 304fdf8

add_action('init', function () {
$scripts_list = array(
'common' => array(
array('type' => 'style', 'url' => plugins_url('/inc/assets/css/tw-bs4.css', __FILE__)),
array('type' => 'style', 'url' => plugins_url('/inc/fa/css/font-awesome.min.css', __FILE__)),
),
'admin' => array(
array('type' => 'script', 'url' => plugins_url('/js/admin.js', __FILE__), 'enq' => array('jquery'), 'localization' => array(
'add_url' => get_option('home') . '/wp-admin/post-new.php?post_type=event',
'ajaxurl' => admin_url('admin-ajax.php'),
'nonce' => wp_create_nonce('ajax_call_nonce'),
'wrong_admin' => __('Please enter an admin URL slug which only has alpha-numeric characters', 'whp'),
'home_url' => home_url('/'),
'permalink_structure' => get_option('permalink_structure'),
)),
array('type' => 'style', 'url' => plugins_url('/css/admin.css', __FILE__)),
array('type' => 'style', 'url' => plugins_url('/css/balloon.min.css', __FILE__)),
),
'front' => array(
array('type' => 'script', 'url' => plugins_url('/js/front.js', __FILE__), 'enq' => array('jquery'), 'localization' => array('add_url' => get_option('home') . '/wp-admin/post-new.php?post_type=event', 'ajaxurl' => admin_url('admin-ajax.php'))),
array('type' => 'style', 'url' => plugins_url('/css/front.css', __FILE__)),
)
);
$insert_script = new whpAddStylesHard('whp', $scripts_list);
})

These include enqueueing jQuery and a number of other assets that are not required or contain no content.

This adds page bloat, reducing page performance and also presents a new vulnerability vector adding frameworks that are not otherwise needed by the website.

Could you either not enqueue these assets or provide a way to filter what is enqueued so we have the option to opt out?

To Reproduce

Steps to reproduce the behavior:

  1. Install and enable plugin

Expected behavior

No additional frontend assets enqueued on the frontend

Used versions

  • WordPress version: 6.0.3
  • WP Hardening version: 1.2.6
@joelambert joelambert added the bug Something isn't working label Nov 2, 2022
@adamtomat
Copy link
Contributor

adamtomat commented Nov 2, 2022
edited

Looks like this relates to this MR:

#51

Would be great to see this get patched; let me know if I can help at all. This has quite a big impact on our sites at the mo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joelambert @adamtomat