Title: Strange js in html code
Last modified: October 22, 2018

---

# Strange js in html code

 *  Resolved [Anagram](https://wordpress.org/support/users/ahutatatong/)
 * (@ahutatatong)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/strange-js-in-html-code/)
 * If i enable wp-cerber i see some strange html code at the end of the page:
 *  <script type=”text/javascript”>
    jQuery(document).ready(function ($) { //$( 
   document ).ajaxStart(function() { //});
 *  for (var i = 0; i < document.forms.length; ++i) {
    var form = document.forms[
   i]; if ($(form).attr(“method”) != “get”) { $(form).append(‘<input type=”hidden”
   name=”rOHabc” value=”c@0Y5l” />’); } if ($(form).attr(“method”) != “get”) { $(
   form).append(‘<input type=”hidden” name=”emDQHdOSs” value=”6E51ya7pi” />’); }
   if ($(form).attr(“method”) != “get”) { $(form).append(‘<input type=”hidden” name
   =”vpONEuF” value=”nlQ6Pb@” />’); } }
 *  $(document).on(‘submit’, ‘form’, function () {
    if ($(this).attr(“method”) !
   = “get”) { $(this).append(‘<input type=”hidden” name=”rOHabc” value=”c@0Y5l” /
   >’); } if ($(this).attr(“method”) != “get”) { $(this).append(‘<input type=”hidden”
   name=”emDQHdOSs” value=”6E51ya7pi” />’); } if ($(this).attr(“method”) != “get”){
   $(this).append(‘<input type=”hidden” name=”vpONEuF” value=”nlQ6Pb@” />’); } return
   true; });
 *  jQuery.ajaxSetup({
    beforeSend: function (e, data) {
 *  //console.log(Object.getOwnPropertyNames(data).sort());
    //console.log(data.
   type);
 *  if (data.type !== ‘POST’) return;
 *  if (typeof data.data === ‘object’ && data.data !== null) {
    data.data.append(“
   rOHabc”, “c@0Y5l”); data.data.append(“emDQHdOSs”, “6E51ya7pi”); data.data.append(“
   vpONEuF”, “nlQ6Pb@”); } else { data.data = data.data + ‘&rOHabc=c@0Y5l&emDQHdOSs
   =6E51ya7pi&vpONEuF=nlQ6Pb@’; } } });
 *  });
    </script>
 * Is this intended? Especially the lines that are uncommented as well as the console.
   log look strange to me (debug logs not removed?).
 * I could imagine that this helps solving possible multiple logins by attaching
   some more form variables, still it looks somehow unfinished (and for now suspicous)
   to me.

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Author [gioni](https://wordpress.org/support/users/gioni/)
 * (@gioni)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/strange-js-in-html-code/#post-10812157)
 * This code is absolutely OK.
 *  Thread Starter [Anagram](https://wordpress.org/support/users/ahutatatong/)
 * (@ahutatatong)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/strange-js-in-html-code/#post-10812281)
 * Ok, thanks for the quick answer.
    It looked more suspicous to me before i found
   out to which plugin it belonged. Still i would remove the console.log and the
   other uncommented code parts. Obviously this is not required, but my thought 
   was that none of the few plugins i had installed would output this kind of code.
 * Btw. the plugin itself is perfectly fine. Well done!
    -  This reply was modified 7 years, 7 months ago by [Anagram](https://wordpress.org/support/users/ahutatatong/).
 *  Plugin Author [gioni](https://wordpress.org/support/users/gioni/)
 * (@gioni)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/strange-js-in-html-code/#post-10812834)
 * It’s better to install this version, though. An issue with saving settings has
   been fixed: [https://wpcerber.com/development-version-7-8-3/](https://wpcerber.com/development-version-7-8-3/)
 *  [goha221](https://wordpress.org/support/users/goha221/)
 * (@goha221)
 * [7 years, 1 month ago](https://wordpress.org/support/topic/strange-js-in-html-code/#post-11435508)
 * Have you tried solving your problem using anagram? If not then you can solve 
   it there as well because I have heard you using anagram in your post and I guess
   the link I am going to share is worth trying. So here I go!
    [https://www.anagrammaker.online/](https://www.anagrammaker.online/)
 *  [floatwork_jan](https://wordpress.org/support/users/floatworkjan/)
 * (@floatworkjan)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/strange-js-in-html-code/#post-11930606)
 * I’ve got a couple of questions regarding this code and thought it’s better to
   post them in this existing thread.
 * **1. Which Cerber feature requires that code?**
 * We’re using Cerber on all our customer sites, but prefer to deregister `jquery-
   core` for a variety of reasons. For once, the version bundled with WordPress 
   contains at least two vulnerabilities of medium severity. And then, of course,
   there’s little to no use for jQuery in 2019. If the jQuery code added by Cerber
   is required by a specific feature, we’d rather disable it.
 * **2. Are there plans to migrate this code to vanilla JavaScript?**
 * While it’s trivial to upgrade the bundled version of jQuery, it should be in 
   the interest of a security product to limit all possible attack vectors. Hence,
   reducing third-party dependencies such as jQuery should be desirable. Is the 
   Cerber team open to PRs to achieve this?

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Strange js in html code’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/wp-cerber_77a9bf.svg)
 * [WP Cerber Security, Anti-spam & Malware Scan](https://wordpress.org/plugins/wp-cerber/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-cerber/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-cerber/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-cerber/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-cerber/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-cerber/reviews/)

 * 5 replies
 * 4 participants
 * Last reply from: [floatwork_jan](https://wordpress.org/support/users/floatworkjan/)
 * Last activity: [6 years, 9 months ago](https://wordpress.org/support/topic/strange-js-in-html-code/#post-11930606)
 * Status: resolved