search

witsec / mobirise-white-label

White label your website by removing references to the generator in the source code
MIT License
24 stars 11 forks source link

Mobirise 5 Theme loads https://r.mobirise.com/script.js #5

Open gunnarhaslinger opened 2 years ago

gunnarhaslinger commented 2 years ago

Each Website based on "Mobirise 5 Theme" seems to load this Script: https://r.mobirise.com/script.js which of course is not hosted locally but on a Mobirise-Server.

So each website-visit calls a ping-back to r.mobiries.com, which is not GDPR compliant in Europe.

I figured out that "/assets/theme/js/script.js" is responsible for loading https://r.mobirise.com/script.js

_0x3886a9(0x1b0,'8U&Q') returns the string "https://r.mobirise.com/script.js"

So by just search for _0x3886a9(0x1b0,'8U&Q') and replace it with " " this behaviour can be solved.

I have no Idea what the contents of https://r.mobirise.com/script.js is good for. Currently I didn't notice any breaking changes by just removing to load it. But of course another option would be to host this script locally and not replace it with " " but with "local-hosted-script.js"

Any Ideas what this is for? Maybe it is interesting to include this in the white-label Extension. But possibly the obfuscation could change with each updated theme.

gunnarhaslinger commented 2 years ago

Link to Mobirise Forum Post: https://forums.mobirise.com/discussion/30489/mobirise-5-theme-loads-https-r-mobirise-com-script-js

Seems this behavior is dependent on the "Free" Version of Mobirise. Paid License seem to get another Version of this script.