[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fs5TRXcOi3PlnjKIWl1shknpyGSGcFY-MrEamy0HtbNY":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"mociofiletto","Giuseppe","https:\u002F\u002Fprofiles.wordpress.org\u002Fmociofiletto\u002F",2,700,100,30,94,"2026-04-05T02:27:31.447Z",[14,38],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":20,"downloaded":21,"rating":11,"num_ratings":22,"last_updated":23,"tested_up_to":24,"requires_at_least":25,"requires_php":26,"tags":27,"homepage":33,"download_link":34,"security_score":9,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"campi-moduli-italiani","Campi Moduli Italiani","2.3.2","\u003Cp>This plugin creates form tags for Contact Form 7 and form fields for WPForms.\u003C\u002Fp>\n\u003Ch4>Contact Form 7\u003C\u002Fh4>\n\u003Cp>4 form-tags (and corresponding mail-tags) are available in this version:\u003Cbr \u002F>\n* [comune]: creates a series of select for the selection of an Italian municipality\u003Cbr \u002F>\n* [cf]: creates a field for entering the Italian tax code of a natural person\u003Cbr \u002F>\n* [stato]: creates the ability to select a country\u003Cbr \u002F>\n* [formsign]: creates the possibility to digitally sign the e-mails sent with a private key attributed to each individual form\u003C\u002Fp>\n\u003Ch4>WPForms\u003C\u002Fh4>\n\u003Cp>2 fields types are available:\u003Cbr \u002F>\n* Cascade selection of an Italian municipality (returning Istat’s municipality code as value)\u003Cbr \u002F>\n* A field to select a state (returning Istat’s country code as value)\u003C\u002Fp>\n\u003Ch3>Data used\u003C\u002Fh3>\n\u003Cp>At the time of activation, the plugin downloads the data it uses from the Istat and from the Italian Revenue Agency websites. This data can be updated from the administration console.\u003Cbr \u002F>\nDownloading and entering data into the database takes several minutes: be patient during the activation phase.\u003Cbr \u002F>\nThe selection of the municipalities was created starting from the code of https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fregione-provincia-comune\u002F\u003C\u002Fp>\n\u003Cp>This plugin uses data made available by ISTAT and the Agenzia delle entrate (Italian revenue agency).\u003Cbr \u002F>\nIn particular, data made available at these URLs are acquired and stored:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>https:\u002F\u002Fwww.istat.it\u002Fit\u002Farchivio\u002F6789\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fwww.istat.it\u002Fit\u002Farchivio\u002F6747\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fwww1.agenziaentrate.gov.it\u002Fservizi\u002Fcodici\u002Fricerca\u002FVisualizzaTabella.php?ArcName=00T4\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The data published on the ISTAT website are covered by a Creative Commons license – Attribution (CC-by) (https:\u002F\u002Fcreativecommons.org\u002Flicenses\u002Fby\u002F3.0\u002Fit\u002F), as indicated here: https:\u002F\u002Fwww.istat.it\u002Fit\u002Fnote-legali\u003Cbr \u002F>\nThe data taken from the website of the Agenzia delle entrate are in the public domain and constitute a public database made available to allow tax compliance and, more generally, to allow the identification of physical persons with the Italian public administrations, through the personal fiscal code.\u003Cbr \u002F>\nThe data are managed by the Ufficio Archivio of the Agenzia delle entrate.\u003Cbr \u002F>\nBy Italian law (art. 52 d.lgs. 82\u002F2005) all data, that are not personal data, published by an Italian administration without an explicit license are open data (CC0).\u003Cbr \u002F>\nThis plugin uses the data taken from the website of the Agenzia delle entrate exclusively for the purpose of carrying out a formal regularity check of the pesonal tax code.\u003Cbr \u002F>\nThis plugin does not include any links on the external pages of the website on which it is used, neither to the Agenzia delle entrate’s site nor to the ISTAT’s website; in particular, no kind of direct link is made, nor of deep linking.\u003C\u002Fp>\n\u003Ch3>How to use form tags in Contact Form 7\u003C\u002Fh3>\n\u003Cp>[comune]\u003Cbr \u002F>\n    [comune] has a manager in the CF7 form creation area that allows you to set various options.\u003Cbr \u002F>\nIn particular, it is possible to set the “kind” attribute to “tutti” (all); “attuali” (current), “evidenza_cessati” (evidence ceased). In the first and third cases, in different ways, both the currently existing municipalities and those previously closed are proposed (useful, for example, to allow the selection of the municipality of birth). In the “attuali” mode, however, only the selection of the currently existing municipalities is allowed (useful to allow the selection of the Municipality of residence \u002F domicile).\u003Cbr \u002F>\nIt is also possible to set the “comu_details” option, to show an icon after the select cascade that allows the display of a modal table with the statistical details of the territorial unit.\u003Cbr \u002F>\nThe value returned by the group is always the ISTAT code of the selected municipality. The corresponding mail-tag converts this value into the name of the municipality followed by the indication of the automotive code of the province.\u003Cbr \u002F>\nFrom version 1.1.1 hidden fields are also populated with the strings corresponding to the denomination of the region, province and municipality selected, useful for being used in plugins that directly capture the data transmitted by the form (such as “Send PDF for Contact Form 7” )\u003Cbr \u002F>\nThe cascade of select can also be used outside of CF7, using the [comune] shortcode (options similar to those of the form tag for Contact Form 7).\u003C\u002Fp>\n\u003Cp>Starting from version 2.2.0 there is a new filters’ builder for the field [comune] useful for creating fields that allow the selection of a customizable list of municipalities.\u003Cbr \u002F>\nFilters can be used both for CF7 tag, and for WPForms field, and for the shortcode ‘comune’.\u003Cbr \u002F>\nA short youtube video illustrates how to use filters and the filters’ builder.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FseycOunfikk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>[cf]\u003Cbr \u002F>\n    [cf] has a manager in the CF7 form creation area that allows you to set the various options.\u003Cbr \u002F>\nIn particular, it is possible to set various validation options allowing you to find the correspondence of the tax code with other fields of the form.\u003Cbr \u002F>\nSpecifically, it is possible to verify that the tax code corresponds with the foreign state of birth (selected by means of a select [stato]), the Italian municipality of birth (selected by means of a cascade of select [comune]), gender (indicating the name of a form field that returns “M” or “F”), the date of birth. If multiple fields are used to select the date of birth, one for the day, one for the month and one for the year, it is possible to find the correspondence of the tax code with these values.\u003C\u002Fp>\n\u003Cp>[stato]\u003Cbr \u002F>\n    [stato] has a manager in the CF7 form creation area that allows you to set various options.\u003Cbr \u002F>\nIn particular, it is possible to set the selection of only the currently existing states (“only_current” option) and it is possible to set the “use_continent” option to have the select values divided by continent. The field always returns the ISTAT code of the foreign state (code 100 for Italy). The ISTAT code is the type of data expected by [cf], for the verification of the tax code.\u003C\u002Fp>\n\u003Cp>[formsign]\u003Cbr \u002F>\n    [formsign] NOW (v. 2.2.1) has a manager in the CF7 form creation area.\u003Cbr \u002F>\nTo use it, simply insert the tag followed by the field name in your own form: for example [formsign firmadigitale]. This tag will create a hidden field in the form with attribute name = “firmadigitale” and no value.\u003Cbr \u002F>\nTo use the code, it is also necessary to insert the [firmadigitale] mail-tag in the email or emails that the form sends (it is recommended at the end of the email).\u003Cbr \u002F>\nIn this way, in the email body it will be written a two-lines sequence containing:\u003Cbr \u002F>\nan md5 hash of the data transmitted with the module (not of the content of any attached files)\u003Cbr \u002F>\na digital signature of the hash.\u003Cbr \u002F>\nIf you use html email, you can style the output using a wp option named: “gcmi-forsign-css” with a css as value.\u003Cbr \u002F>\nThe signature is affixed by generating a pair of RSA keys, attributed to each form.\u003Cbr \u002F>\nBy checking the hash and the signature, it will be possible to verify that the emails have actually been sent by the form and that the data transmitted by the user correspond to what has been registered.\u003Cbr \u002F>\nTo facilitate data feedback, it is preferable to use “Flamingo” for archiving sent messages. In fact, in the Flamingo admin screen, a specific box is created that allows feedback of the hash and the digital signature entered in the email.\u003Cbr \u002F>\nThe system is useful in the event that through the form it is expected to receive applications for registration or applications etc… and avoids disputes regarding the data that the candidates claim to have sent and what is recorded by the system in Flamingo.\u003C\u002Fp>\n\u003Ch3>Code\u003C\u002Fh3>\n\u003Cp>Want to check the code? \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMocioF\u002Fcampi-moduli-italiani\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FMocioF\u002Fcampi-moduli-italiani\u003C\u002Fa>\u003C\u002Fp>\n","Plugin to create useful fields for Italian sites, to be used in the forms produced with Contact Form 7 and WPForms.",500,13874,6,"2025-10-27T21:26:00.000Z","6.8.5","5.9","7.4",[28,29,30,31,32],"codice-fiscale","comuni-italiani","contact-form-7","firma-digitale","wpforms","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcampi-moduli-italiani\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcampi-moduli-italiani.2.3.2.zip",0,null,"2026-03-15T15:16:48.613Z",{"slug":39,"name":40,"version":41,"author":5,"author_profile":6,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":9,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":25,"requires_php":26,"tags":49,"homepage":55,"download_link":56,"security_score":9,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"no-unsafe-inline","No unsafe-inline","1.3.0","\u003Cp>Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.\u003Cbr \u002F>\nCross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications.\u003Cbr \u002F>\nXSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.\u003Cbr \u002F>\nA cross-site scripting vulnerability may be used by attackers to bypass access controls like the same-origin policy.\u003Cbr \u002F>\nLooking at National Vulnerability Database run by US NIST, \u003Cem>more than 1100 (November 2025) vulnerabilities\u003C\u002Fem> are reported as \u003Ca href=\"https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fsearch#\u002Fnvd\u002Fhome?vulnRevisionStatusList=published&keyword=XSS%20Wordpress&resultType=records\" rel=\"nofollow ugc\">XSS for WordPress’ plugins and themes\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cem>Keeping your site up-to-date\u003C\u002Fem> with the latest versions of plugins and themes is the \u003Cstrong>first\u003C\u002Fstrong> line of defense to ensure your site’s security.\u003C\u002Fp>\n\u003Cp>The second thing to do, is to \u003Cstrong>deploy a strict Content Security Policy\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>The main problem\u003C\u002Fh3>\n\u003Cp>The main problem with Content Security Policies implemented in the real world is that \u003Ca href=\"https:\u002F\u002Fresearch.google\u002Fpubs\u002Fpub45542\u002F\" rel=\"nofollow ugc\">they are too weak to really protect your site\u003C\u002Fa> and that many of them can be trivially bypassed by an attacker.\u003C\u002Fp>\n\u003Ch3>The proposed solution\u003C\u002Fh3>\n\u003Cp>Google researchers recommend, instead of whole host whitelisting, to activate individual scripts via a CSP nonces approach.\u003Cbr \u002F>\nIn addition, in order to facilitate the adoption of nonce-based CSP, they proposed the ’strict-dynamic’ keyword.\u003C\u002Fp>\n\u003Ch3>The problem(s) with CSP in WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Manual creation of a policy\u003C\u002Fp>\n\u003Cp>Usually, a WordPress project is a mix of code written by different authors who contributed to the Core and or wrote plugins and themes.\u003Cbr \u002F>\nIf it is possible to whitelist every external script loaded from a \u003Ccode>\u003Cscript src=\"\">\u003C\u002Fcode>, the real truth is that in a WordPress project you can have dozens of those scripts included with your plugins and calculate a cryptographic hash for each of them to be included in your CSP header can be a frustrating job. However, there are many browser extensions and WordPress’ plugins that can help you in this job.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Inline scripts\u003C\u002Fp>\n\u003Cp>WordPress core, and plugins, use inline scripts. For these scripts, you can compute hashes to be inserted manually into your policy, only if these scripts do not change at any page load. Unfortunately, this is not very common, as it is frequent to include variable values calculated server side in inline scripts. And it means that your inline scripts change too frequently to manually add their hashes to your policy.\u003Cbr \u002F>\nThis commonly happens when scripts are \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress\u002Fblob\u002Fa793be201b9c23dbe8b90a6ecd53ab52336f0f91\u002Fwp-includes\u002Fscript-loader.php#L636\" rel=\"nofollow ugc\">“localized”\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WordPress has no API to implement nonces for CSP\u003C\u002Fp>\n\u003Cp>Even if it is easy to generate a nonce for each page view, this nonce has to be inserted in every script tag used to embed inline scripts in your page as\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cscript nonce=\"rAnd0m\">\n    doWhatever();\n\u003C\u002Fscript>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>and in your script-src directive:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>script-src 'nonce-rAnd0m';\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>And, of course, a nonce must be unique for each HTTP response.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Unsafe hashes \u002F Inline styles\u003C\u002Fp>\n\u003Cp>Sometimes, HTML elements as images or buttons use HTML Event Attributes (onclick, onsubmit…) to let events trigger actions in a browser.\u003Cbr \u002F>\nYou cannot use hashes or nonces for script included in event attributes and, adopting a strict CSP, requires refactoring those patterns into safer alternatives or to use ‘unsafe-hashes’.\u003Cbr \u002F>\nYou got a similar problem when inline styles are used in HTML tags:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ch1 style=\"color:blue;text-align:center;\">This is a heading\u003C\u002Fh1>\n\u003Cp style=\"color:red;\">This is a paragraph.\u003C\u002Fp>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>CSP Level 2 browsers may be ok with just putting the hash in your style-src directive. However, to allow hashes in the style attribute on inline CSS on browsers that support CSP Level 3, you may get an error like this\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    Refused to apply inline style because it violates the following Content Security Policy directive: \"style-src 'self' 'sha256-nMxMqdZhkHxz5vAuW\u002FPAoLvECzzsmeAxD\u002FBNwG15HuA='\". Either the 'unsafe-inline' keyword, a hash ('sha256-nMxMqdZhkHxz5vAuW\u002FPAoLvECzzsmeAxD\u002FBNwG15HuA='), or a nonce ('nonce-...') is required to enable inline execution.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To allow inline styles you need to use ‘unsafe-hashes’ in your style-src directive (that is, in facts, unsafe).\u003Cbr \u002F>\n^\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>This plugin approach\u003C\u002Fh3>\n\u003Cp>This plugin affords those problems in this way:\u003C\u002Fp>\n\u003Col>\n\u003Cli>During a capture phase, it detects the scripts, styles and other embedded content present in the pages of your site and stores them in the database.\u003C\u002Fli>\n\u003Cli>Then you have to whitelist these contents from plugin admin.\u003C\u002Fli>\n\u003Cli>The plugin uses machine learning to cluster inline scripts trying to aggregate scripts generated by the same server side (PHP) code. So, you can authorize one script example to authorize all scripts that the classifier predicts to label as whitelisted clusters.\u003C\u002Fli>\n\u003Cli>You can choose to use hashes to authorize external scripts (and the plugin will allow you to include Subresource Integrity in your \u003Ccode>\u003Cscript>\u003C\u002Fcode> and \u003Ccode>\u003Clink>\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>You can use hashes or nonces to authorize inline scripts.\u003C\u002Fli>\n\u003Cli>You can ask the plugin to refactor your page to not use event attributes (converted in a inline script) and inline styles (converted in an internal CSS).\u003C\u002Fli>\n\u003Cli>You can set one or more violations’ report endpoints.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The plugin supports multisite installations and has (too) many options documented in inline help.\u003C\u002Fp>\n\u003Ch3>Creating a Content Security Policy\u003C\u002Fh3>\n\u003Cp>After plugin activation, go to Settings menu and search for CSP Settings submenu.\u003Cbr \u002F>\nThe steps you are supposed to do are the following.\u003C\u002Fp>\n\u003Col>\n\u003Cli>From the Tools tab, activate the capture of the tags and use your site by visiting all the pages or having your users visit them for a long time long period based on the use of your site (hours or days).\u003C\u002Fli>\n\u003Cli>From the Tools tab, perform the data clustering in the database (it can use many server resources).\u003C\u002Fli>\n\u003Cli>Go to the Base rules tab and include in the CSP directives the desired values ​​(help you with the table at the bottom of the page).\u003C\u002Fli>\n\u003Cli>Go to the external scripts tab, inline scripts tab and scripts invoked by event handlers tab and authorize the execution of all the legitimate scripts present on the pages of your site.\u003C\u002Fli>\n\u003Cli>Leaving the tag capture active, activate the policy test (at this stage the plugin will generate some violations of the temporary policy used to record additional values to be included in the directives of your “content security policy”).\u003C\u002Fli>\n\u003Cli>After visiting again your site pages, disable the capture of the tags and repeat the previous steps 2, 3 and 4.\u003C\u002Fli>\n\u003Cli>Enable site protection.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>N.B. When you update plugins or themes, if something doesn’t work properly on your site pages, temporarily deactivate the protection and repeat steps 1 to 7.\u003C\u002Fp>\n\u003Ch3>Plugin hooks\u003C\u002Fh3>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMocioF\u002FNo-unsafe-inline\u002Fblob\u002Fd068711d56c2d7b228b524f640f5e13af3327097\u002Fpublic\u002Fclass-no-unsafe-inline-public.php#L419\" rel=\"nofollow ugc\">nunil_output_csp_headers_header_csp\u003C\u002Fa>\u003Cbr \u002F>\nnunil_output_csp_headers_header_csp is available since version 1.2.3 and can be used to modify the Content-Security-Policy header before it is sent to browser\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMocioF\u002FNo-unsafe-inline\u002Fblob\u002Fd068711d56c2d7b228b524f640f5e13af3327097\u002Fsrc\u002FNunil_Manipulate_DOM.php#L930\" rel=\"nofollow ugc\">no_unsafe_inline_not_sri_sources\u003C\u002Fa>\u003Cbr \u002F>\nno_unsafe_inline_not_sri_sources can be used to modify the list of external resources that do not support SRI (Subresource Integrity)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMocioF\u002FNo-unsafe-inline\u002Fblob\u002Fd068711d56c2d7b228b524f640f5e13af3327097\u002Fmu-plugin\u002Fno-unsafe-inline-output-buffering.php#L100\" rel=\"nofollow ugc\">no_unsafe_inline_final_output\u003C\u002Fa>\u003Cbr \u002F>\nno_unsafe_inline_final_output is an internal filter used to manipulate the output of the WordPress process just before the output is sent to the browser.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMocioF\u002FNo-unsafe-inline\u002Fblob\u002Fd068711d56c2d7b228b524f640f5e13af3327097\u002Fmu-plugin\u002Fno-unsafe-inline-output-buffering.php#L107\" rel=\"nofollow ugc\">no_unsafe_inline_meta_injector\u003C\u002Fa>\u003Cbr \u002F>\nno_unsafe_inline_meta_injector is an internal filter hook used to inject meta http-equiv=”Content-Security-Policy” if variable is set\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Actions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMocioF\u002FNo-unsafe-inline\u002Fblob\u002Fd068711d56c2d7b228b524f640f5e13af3327097\u002Fincludes\u002Fclass-no-unsafe-inline.php#L213-L217\" rel=\"nofollow ugc\">nunil_upgrade\u003C\u002Fa> Functions hooked on nunil_upgrade will run when the plugin is upgraded\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMocioF\u002FNo-unsafe-inline\u002Fblob\u002Fd068711d56c2d7b228b524f640f5e13af3327097\u002Fincludes\u002Fclass-no-unsafe-inline.php#L254\" rel=\"nofollow ugc\">nunil_output_csp_headers\u003C\u002Fa> Functions hooked to nunil_output_csp_headers will run when the plugin output the CSP HTTP response header\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Code and libraries\u003C\u002Fh3>\n\u003Cp>This version of the plugin uses:\u003Cbr \u002F>\n* to parse HTML:\u003Cbr \u002F>\n  * \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fivopetkov\u002Fhtml5-dom-document-php\" rel=\"nofollow ugc\">ivopetkov\u002FHTML5DOMDocument\u003C\u002Fa> on PHP\u003C8.4 and libxml\u003C=2.13.09\u003Cbr \u002F>\n  * \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMasterminds\u002Fhtml5-php\" rel=\"nofollow ugc\">Masterminds\\HTML5\u003C\u002Fa> on PHP\u003C8.4 and libxml>2.13.09\u003Cbr \u002F>\n  * \u003Ca href=\"https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Fmigration84.new-features.php#migration84.new-features.dom\" rel=\"nofollow ugc\">\\Dom\\HTMLDocument\u003C\u002Fa>: The new ext-dom features with HTML5 support on PHP>8.4\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Frubixml.com\u002F\" rel=\"nofollow ugc\">RubixML\u003C\u002Fa> for machine learning \u003Cstrong>\u003Cem>from version 1.1.0\u003C\u002Fem>\u003C\u002Fstrong> – \u003Cem>\u003Ca href=\"https:\u002F\u002Fphp-ml.readthedocs.io\u002Fen\u002Flatest\u002F\" rel=\"nofollow ugc\">PHP-ML\u003C\u002Fa> was used in versions 1.0.x\u003C\u002Fem>;\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fopctim\u002Fphp-nilsimsa\" rel=\"nofollow ugc\">opctim\u002Fphp-nilsimsa\u003C\u002Fa> to calculate and compare Nilsimsa digests.\u003C\u002Fp>\n\u003Cp>The log functions have been taken from\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fperfectyorg\u002Fperfecty-push-wp\" rel=\"nofollow ugc\">perfectyorg\u002Fperfecty-push-wp\u003C\u002Fa>, \u003Cstrong>\u003Cem>something you should \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fperfecty-push-notifications\u002F\" rel=\"ugc\">really try\u003C\u002Fa> if you want to implement web Push notifications in your site.\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>complete list of dependencies\u003C\u002Fstrong> used in this plugin can be seen in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMocioF\u002FNo-unsafe-inline\u002Fnetwork\u002Fdependencies\" rel=\"nofollow ugc\">dependency graph\u003C\u002Fa> on GitHub.\u003C\u002Fp>\n\u003Ch3>Contributions, Issues, Bugs\u003C\u002Fh3>\n\u003Cp>Plugin code is hosted on a public repository on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMocioF\u002FNo-unsafe-inline\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003Cbr \u002F>\nReach me over there to help and suggest.\u003C\u002Fp>\n","No unsafe-inline helps you to build a Content Security Policy avoiding to use 'unsafe-inline' and 'unsafe-hashes'.",200,11184,5,"2025-12-04T21:50:00.000Z","6.9.4",[50,51,52,53,54],"content-security-policy","csp","multisite","security","unsafe-inline","https:\u002F\u002Fgithub.com\u002FMocioF\u002FNo-unsafe-inline","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-unsafe-inline.1.3.0.zip"]