• We evaluate site security with multiple tools. With most we score 100%.
    But evaluation with https://check-your-website.server-daten.de/ gives an I as indication for the error.
    If we completely remove the logo in the banner, we score A. No problems.
    The problem reported is with:
    https://lijstbob.nl/wp-content/uploads/huisstijl/LijstBOB_logo1.jpg
    srcset with no content isn’t allowed

    And the strange thing is that in the line before this same link is used, but gives no problems.

    We have completely replaced the logo as png and as jpg. This gives similar results in all cases. After removing the logo, we get A on the above site.

    So I think something wrong is generated by the theme.

    We use Elementor Pro above Zakra

    What is wrong?


Viewing 9 replies - 1 through 9 (of 9 total)
  • Hi @hendrik57,

    We appreciate your writing in,

    Every testing site’s tool has its fixed mechanism, so the result appears different in various testing tools. For your confirmation, you can test it on other similar testing sites; you will find different results. Also, our Zakra theme has no security issue with the banner and logo.

    Please write for other queries in the future.

    With Regards,
    ThemeGrill Support Team

    Hi @barsha04

    I’m the owner of check-your-website.

    > Also, our Zakra theme has no security issue with the banner and logo.

    It’s not a security problem, it’s a content problem.

    See the source code of the main page.

    
    <img width="147" height="100" src="https://lijstbob.nl/wp-content/uploads/huisstijl/LijstBOB_logo1.jpg" class="custom-logo" alt="Burgerbelangen OverBetuwe" srcset="" />
    

    An empty srcset="" is wrong (same would be src=""). Some browsers check such values, so the result (in a subfolder /abc): https://website.com/abc is checked.

    That was the first information (error 403, not allowed), then I’ve changed my tool to check such empty srcset="" explicitly.

    A template should never create such empty srcset attribute values.

    Thread Starter Hendrik57

    (@hendrik57)

    You’re correct. It should not be empty. And the html code says srcset is “” empty.

    We have spent hours to find out what could cause this. Other sites with the same theme and plugins do not show this error, empty srcset.
    We use WordPress, Zakra and Elementor PRO. And WP optimize and Media Library Folders Pro For WordPress.

    We disabled Elementor, wp-optimize, Media Library Folders Pro For WordPress and multiple other plugins. We regenerated thumbnails and reset the data. But in all circumstances we get this empty srcset for the logo. Even when we replaced this by the logo of the site that is OK (A).
    We checked settings, but could not find differences that could explain the behavior. Even httpd in Apache is nearly identical (beside the user).

    Can someone help us to solve this problem? What can cause this in WordPress 5.7, PHP 7.4. (the other site is running on 7.3 btw)

    Thread Starter Hendrik57

    (@hendrik57)

    I’m sorry to say, the srcset="" is also empty in Zakra.

    I installed a clean WordPress 5.7, latest Zakra as theme. Then I added the logo in the header only. This is the html line:
    <img width="364" height="247" src="https://localhost/zakratest/wp-content/uploads/2021/03/LijstBOB_logo_s.png" class="custom-logo" alt="Logo lijst BOB" srcset="" sizes="(max-width: 364px) 100vw, 364px">

    The error is generated because the responsive fall-back images sizes are not there. srcset defines multiple sizes of the same image, allowing the browser to select the appropriate image source. It is HTML5.
    The empty tag is pointing to nothing and the tag should point to at least one url. So leave the tag out, or fill in with at least one valid url to avoid ‘missing content’.

    When we use Elementor to create a new header and menu, the srcset and header is correct.

    And it is not a security error, but a content error that the test discovers correctly.
    When such content errors are discovered, one never scores an A on that test site. Even if the security settings are 100%.

    • This reply was modified 3 years, 8 months ago by Hendrik57. Reason: spelling
    Thread Starter Hendrik57

    (@hendrik57)

    I found out where it is going wrong and fixed the issue.

    In the file zakra/inc/hooks/header.php line 689 should be disabled. The result looks like this then:

    function zakra_change_logo_attr( $attr, $attachment, $size ) {
        $custom_logo = wp_get_attachment_image_src( get_theme_mod( 'custom_logo' ), 'full' );

        if ( ! empty( $custom_logo ) ) {
            $custom_logo = $custom_logo[0];
        }

        if ( isset( $attr['class'] ) && 'custom-logo' === $attr['class'] ) {
            $retina_logo = get_theme_mod( 'zakra_retina_logo', '' );
            // Disabled: this line blanked the srcset for every custom logo.
            // $attr['srcset'] = '';

            if ( $retina_logo ) {
                $attr['srcset'] = $custom_logo . ' 1x,' . $retina_logo . ' 2x';
            }
            // No else branch setting $attr['srcset'] = '', since srcset may not be empty.
        }

        return $attr;
    }

    and the resulting html code looks like this then:

    <img width="364" height="247" src="https://localhost/zakratest/wp-content/uploads/2021/03/LijstBOB_logo_s.png" class="custom-logo" alt="Logo lijst BOB" srcset="https://localhost/zakratest/wp-content/uploads/2021/03/LijstBOB_logo_s.png 364w, https://localhost/zakratest/wp-content/uploads/2021/03/LijstBOB_logo_s-300x204.png 300w" sizes="(max-width: 364px) 100vw, 364px">

    • This reply was modified 3 years, 8 months ago by Hendrik57.
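
    Added example, not part of the thread and not the code of the testing tool discussed: a small Python check that scans markup for `<img>`/`<source>` tags whose `src` or `srcset` is empty, and reports the URL an empty reference resolves to against the page URL. The function and class names are hypothetical; the first two sample tags are the ones quoted above, the third is constructed, and the page URL is the illustrative `https://website.com/abc` from the reply above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Attributes that must carry at least one URL when present.
URL_ATTRS = {"img": ("src", "srcset"), "source": ("src", "srcset")}

# Sample markup: tag 1 (before the fix) and tag 2 (after the fix) are quoted
# from the thread; tag 3 is constructed to cover a value-less attribute.
SAMPLE_HTML = """\
<img width="147" height="100" src="https://lijstbob.nl/wp-content/uploads/huisstijl/LijstBOB_logo1.jpg" class="custom-logo" alt="Burgerbelangen OverBetuwe" srcset="" />
<img width="364" height="247" src="https://localhost/zakratest/wp-content/uploads/2021/03/LijstBOB_logo_s.png" class="custom-logo" alt="Logo lijst BOB" srcset="https://localhost/zakratest/wp-content/uploads/2021/03/LijstBOB_logo_s.png 364w, https://localhost/zakratest/wp-content/uploads/2021/03/LijstBOB_logo_s-300x204.png 300w" sizes="(max-width: 364px) 100vw, 364px">
<img src alt="constructed: attribute without a value">
"""


class EmptySourceFinder(HTMLParser):
    """Collects src/srcset attributes that are present but carry no URL."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <img ... />.
        for name, value in attrs:
            # value is None for a bare attribute, "" or blanks for srcset="".
            if name in URL_ATTRS.get(tag, ()) and not (value or "").strip():
                line, _ = self.getpos()
                self.findings.append({
                    "line": line,
                    "tag": tag,
                    "attr": name,
                    # An empty reference resolves to the page URL itself.
                    "resolves_to": urljoin(self.page_url, ""),
                })


def find_empty_sources(html, page_url):
    finder = EmptySourceFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for f in find_empty_sources(SAMPLE_HTML, "https://website.com/abc"):
        print(f"line {f['line']}: <{f['tag']}> empty {f['attr']} -> {f['resolves_to']}")
```

    Run against a saved copy of a rendered page, it gives a quick regression check after a theme update or a child-theme override.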

    Hi @hendrik57,

    We appreciate your writing in,

    Glad to hear that your issue has been solved. Also, we would like to thank you for the update.

    Please write us back if you encounter any other issues in the future. We will be delighted to help you.

    With Regards,
    ThemeGrill Support Team

    Thread Starter Hendrik57

    (@hendrik57)

    Is it correct that this bug is to be solved in the next update?
    Otherwise I will have to create a child theme to preserve this correction.

    Hi @hendrik57,

    We appreciate your writing in,

    We can remove the $attr['srcset'] empty string assignment in our theme. Our developers are already working on it and we will push an update with our next theme release as soon as possible.

    You can get the info about the changes via this link:
    https://zakratheme.com/zakra-changelog/

    Kind Regards,
    ThemeGrill Support

    Thread Starter Hendrik57

    (@hendrik57)

    In the changelog, bugfix 26 March (1.5.8), it seems not to be fixed in the current update.

    • This reply was modified 3 years, 8 months ago by Hendrik57. Reason: version added
  • The topic ‘Security error with Logo in banner, srcset with no content isn’t allowed’ is closed to new replies.