javascript: the beginning and end of an image along its center

Javascript snippet that detects the beginning and end of an image along its center, alpha supported.

Parameters: image id (without ‘#’)

Returns an object with:
– start (first non trasparent/not white pixel from center top)
– end (first not trasparent/not white pixel from center bottom)
– image width
– image height


WordPress 4.8.3 + ACF + get_posts with meta_query

Here in Papion headquarters we love using ACF.
Advanced Custom Fields is one of the best WordPress plugins for custom field management.

Recently, with the new WordPress 4.8.3, a change was made in the query to the database.

Instead of characters like now we have placeholders like (for more information see code).

It does not involve any major issues, except when we use ACF in combination with get_posts and metaquery to search for based on repeater fields that have in format like “fieldgrup_0_field”, “fieldgrup_1_field”, etc.

One of the solutions ACF proposes is (source)


However, with the update, instead of the “%” character, we find ourselves with a numeric placeholder, so this code should be changed so that the comparison is done with the query without placeholders:


Iubenda, check consent given in javascript

Simple script to check if user have given consent to Iubenda privacy/cookie policy. Function will return true if user has given consent, false otherwise.

Semplice script per verificare se l’utente ha dato il consenso alla privacy / cookie policy di Iubenda. La funzione restituirà true se l’utente ha dato il consenso, altrimenti falso.

Event style use:


G Suite: Gmail and Inbox crashing. Solved

Just installed G Suite, launched Gmail / Inbox and … crash? Seems that it is related to the fact that G Suite cannot use Chrome process.

So tried to install Chrome ( G Suite version ), everything seems ok and working now. Solved.

XSS scripting and

What is a XSS attack?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

source Wikipedia


If you use Thunderbird and plugins like Enigmail you have the option to import all PGP keys related to email addresses that are present in your address book.

First of all you need is to specify a key server, like, then the plugin, for every single email address, will look for corresponding PGP key and will prompt you if you want to import results.

But, some times, the key is not what you’ll expect.

Some entries contains invalid data, and to be more specific, can contain malicious code.

If you request these entries in the lookup form, the output html can contain this code and execute javascript functions, redirects, XSS attacks, ecc.

In conclusion

Keep your eyes open, and avoid mass import of PGP keys.

  • 2017-08-01: reported to

JS/CSS Moon Phases snippet

Simple script to generate moon phases ( )

It uses 2 SVG (2 hemispheres) and some CSS transformation.

You can avoid JS if you don’t need real-time phase update.

HTML code




and JS code. The code is prolix and redundant, but it helps to understand what happens.


and here the result JS/CSS Moon Phases