Creating Previews of Links with Blockquote

I’ve noticed on one of my clients’ websites that there was an issue with the formatting, and where no code was present on the backend, but there was a weird styling issue occurring.

Upon further investigation, the client was correct, there was indeed no additional markup or styling in the backend, just the link, but on the front end, there was a new block of html where the url was supposed to be

When I went to investigate the element, the console opened up first, and I was able to see this;

Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.5.0' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
eicons.woff2:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
fa-solid-900.woff2:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff?5.5.0' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
eicons.woff:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
fa-solid-900.woff:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.5.0' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
eicons.woff2:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
fa-brands-400.woff2:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
fa-solid-900.woff2:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.ttf?5.5.0' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
eicons.ttf:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.ttf' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
fa-solid-900.ttf:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff?5.5.0' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
eicons.woff:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
fa-brands-400.woff:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
fa-solid-900.woff:1 Failed to load resource: net::ERR_FAILED
dovermed.co.il/#?secret=6yzBSmzfFr:1 Access to font at 'https://dovermed.co.il/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.ttf' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
fa-brands-400.ttf:1 Failed to load resource: net::ERR_FAILED
39(index):1917 Uncaught TypeError: Cannot read property 'style' of null
    at updateHero ((index):1917)
23(index):1917 Uncaught TypeError: Cannot read property 'style' of null
    at updateHero ((index):1917)

As you can see, this was pinging the website for fonts

Somehow the text, written in the code text editor was being converted server side into a Blockquote, with it’s own mockup, and the text “Home”, with an anchor leading to the website. Other urls written on the page did not convert.

I feel like this could very well be a major security issue because it allows the, now target website, to inject styling, and attempt to inject fonts into the client end.

After, I had attempted to repeat the issue on other sites, but only a select few of them, so I wrote down all the plugins they had in common, and, being that contact form 7 begins with a ‘C’, the first plugin I had tried was Contact Form 7, and suddenly I was able to replicate the issue.

So I’ve narrowed it down to your plugin, but I am still unsure as to how this error is occurring.

Edit: Hilariously enough, it is actually occuring in this post, right now

• This topic was modified 4 years, 1 month ago by gryphbecrazeh.
• This topic was modified 4 years, 1 month ago by Jan Dembowski.
• This topic was modified 4 years, 1 month ago by Jan Dembowski.

The page I need help with: [log in to see the link]