Interesting injection situation.
Do you see this in your page source when viewed locally in a browser or only once you upload the exported files to the server? Does it appear in the exported files locally before uploading or only instantly after uploading to ipage?
Blocs app does not add this. What did they say was the specific “security liability” ? Have them tell you specifically what is present that allows this to be caused.
What is the specific weakness ? Have them tell you specifically what is present that allows this to be caused.
Ask them to tell you specifically what is the exact vulnerability that is present with the site(s) that allows this to be caused since your other site also has it that was not built with Blocs.
I know nothing about ipage, but I would have to agree concerning the BS. I looked at your source code and found the following on your index pages of both sites. Was it also appearing on other pages of just the index pages of these sites?
These are the two instances on those pages, minus all the code, indicated below as […]
<!-- start of StopAd injection -->
<script nonce="">
/* domain=www1.ipage.com */
(function() { [...]
</script>
<style nonce="">
/* domain=www1.ipage.com&generic=1 */
[...]
</style>
<!-- end of StopAd injection -->
</head>
<!-- start of StopAd injection -->
<script nonce="">
!function(t)
[...]
</script>
<!-- end of StopAd injection -->
</body>
I’m not familiar with it but do you happen to use StopAd on your machine or as browser extensions? If so and regardless, do you see this in the source when viewed locally in a browser via Blocs preview, or only once you upload the exported files to the server? Does it appear in the exported files locally before uploading or only instantly after uploading to ipage?
This sequence of checking the page source and when it occurs would make for a nice screen recoding video to demonstrate when it occurs.
Do you have other sites hosted with ipage that this also occurs on?