[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyFlsxP1uB3W3dZffjeSP7kDterOfBnmmMV3i7-jlZzw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":30,"analysis":31,"fingerprints":82},"dxfview","DXFViewer","1.0","aviket","https:\u002F\u002Fprofiles.wordpress.org\u002Faviket\u002F","\u003Cp>This plugin displays a DXF file on your WordPress post or page.\u003Cbr \u002F>\nDXF (Drawing eXchange Format) is industry standard format for CAD drawings.\u003Cbr \u002F>\nFor DXF specifications: refer- http:\u002F\u002Fimages.autodesk.com\u002Fadsk\u002Ffiles\u002Fautocad_2012_pdf_dxf-reference_enu.pdf\u003Cbr \u002F>\nDXF is an Ascii file. You can create it by AutoCAD or a few other packages like LibreCAD or QCad.\u003Cbr \u002F>\nSome free samples of DXF files can be found online.\u003Cbr \u002F>\nThis plugin uses javascript and fully works on client side and hence works at lightening speed.\u003C\u002Fp>\n\u003Cp>How to Use:\u003Cbr \u002F>\nThis plugin requires the browser that supports HTML5 Canvas, most modern browsers do.\u003Cbr \u002F>\nAfter installation and Activation, you have to use shortcode [DXF] (ie simply type “[DXF]” on the page or post).\u003Cbr \u002F>\nThe starting page is loaded with some default DXF contents.\u003Cbr \u002F>\nViewer of your post will see a black coloured rectangle and a button to select a DXF file on the client machine.\u003Cbr \u002F>\nDepending on the size of the DXF file, the file will be rendered in the black rectangle.\u003Cbr \u002F>\nFor zooming, use mouse wheels, for panning click, hold and drag with the left mouse button.\u003Cbr \u002F>\nThe links below the rendering area can be used to save the canvas as a JPG or PNG file.\u003Cbr \u002F>\nBackground color and border are not shown in the saved images downloaded images.\u003Cbr \u002F>\nFor setting the Background color and Border, use the settings page.\u003Cbr \u002F>\nSettings can be configured at: Admin area->Settings->DXFView Options.\u003Cbr \u002F>\nThis plugin uses JCanvas and DXFParser:\u003Cbr \u002F>\nLink to JCanvas: http:\u002F\u002Fprojects.calebevans.me\u002Fjcanvas\u002F\u003Cbr \u002F>\nLink to DXF parser: https:\u002F\u002Fgithub.com\u002Fgdsestimating\u002Fdxf-parser\u003Cbr \u002F>\nCommonly supported Entities in both Jcanvas and DXF parser are : Line, polyline, circle, text and arc and only\u003Cbr \u002F>\nthese much are rendered. Polylines with arcs, buldges etc are rendered as line string joining vertices.\u003Cbr \u002F>\nDifferent text fonts are ignored and all the texts are displayed in one common font.\u003Cbr \u002F>\nEntities on hidden or freezed layers are also rendered.\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FGud7SGzsaD8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","This plugin displays a DXF file on your Wordpress post or page.",30,2227,0,"2016-10-20T03:54:00.000Z","4.5.33","4.5.4","",[19],"dxf","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdxfview.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":21,"avg_patch_time_days":11,"trust_score":28,"computed_at":29},2,40,84,"2026-04-04T18:36:38.715Z",[],{"attackSurface":32,"codeSignals":50,"taintFlows":69,"riskAssessment":70,"analyzedAt":81},{"hooks":33,"ajaxHandlers":46,"restRoutes":47,"shortcodes":48,"cronEvents":49,"entryPointCount":13,"unprotectedCount":13},[34,39,42],{"type":35,"name":36,"callback":36,"file":37,"line":38},"action","init","settings\\DXFViewSettings.php",14,{"type":35,"name":40,"callback":40,"file":37,"line":41},"admin_init",18,{"type":35,"name":43,"callback":44,"file":37,"line":45},"admin_menu","add_page",19,[],[],[],[],{"dangerousFunctions":51,"sqlUsage":52,"outputEscaping":54,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":68},[],{"prepared":13,"raw":13,"locations":53},[],{"escaped":13,"rawEcho":55,"locations":56},6,[57,60,61,63,65,67],{"file":37,"line":58,"context":59},74,"raw output",{"file":37,"line":58,"context":59},{"file":37,"line":62,"context":59},75,{"file":37,"line":64,"context":59},76,{"file":37,"line":66,"context":59},88,{"file":37,"line":66,"context":59},[],[],{"summary":71,"deductions":72},"The dxfview plugin v1.0 presents a mixed security profile.  On the positive side, the static analysis indicates a small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events.  Furthermore, there are no recorded vulnerabilities (CVEs) in its history, suggesting a relatively stable and well-maintained code base. The plugin also appears to utilize prepared statements for its SQL queries, which is a good practice for preventing SQL injection.  However, a significant concern arises from the complete lack of output escaping. This means that any data rendered by the plugin could potentially be vulnerable to cross-site scripting (XSS) attacks if it processes or displays user-supplied input without proper sanitization.  Additionally, the absence of nonce and capability checks on any potential entry points (even though none were detected) is a weakness. While the attack surface is currently zero, if future versions introduce new functionalities that become entry points, these checks will be critical.",[73,76,79],{"reason":74,"points":75},"No output escaping",15,{"reason":77,"points":78},"No nonce checks detected",5,{"reason":80,"points":78},"No capability checks detected","2026-03-16T22:31:28.885Z",{"wat":83,"direct":99},{"assetPaths":84,"generatorPatterns":87,"scriptPaths":88,"versionParams":93},[85,86],"\u002Fwp-content\u002Fplugins\u002Fdxfview\u002Fjs\u002F","\u002Fwp-content\u002Fplugins\u002Fdxfview\u002Fcss\u002F",[],[89,90,91,92],"\u002Fwp-content\u002Fplugins\u002Fdxfview\u002Fjs\u002Fdxfviewer.js","\u002Fwp-content\u002Fplugins\u002Fdxfview\u002Fjs\u002Fthree.min.js","\u002Fwp-content\u002Fplugins\u002Fdxfview\u002Fjs\u002FTrackballControls.js","\u002Fwp-content\u002Fplugins\u002Fdxfview\u002Fjs\u002FSTLLoader.js",[94,95,96,97,98],"dxfview\u002Fjs\u002Fdxfviewer.js?ver=","dxfview\u002Fjs\u002Fthree.min.js?ver=","dxfview\u002Fjs\u002FTrackballControls.js?ver=","dxfview\u002Fjs\u002FSTLLoader.js?ver=","dxfview\u002Fcss\u002Fdxfviewer.css?ver=",{"cssClasses":100,"htmlComments":101,"htmlAttributes":102,"restEndpoints":103,"jsGlobals":104,"shortcodeOutput":105},[],[],[],[],[],[]]