Solved, but just to clarify some things.

Files integrity checksum (sha256) makes sense if you use a CSP policy. Additionally nonce tells the browser to ignore this script. Using these options is strongly recommended for external scripts and css files. CSP (Content Security Policy) tells the browser what to consider safe. If the safe check by the browser fail then the browser doesn't load that resource/code.

Υπάρχει κάποιο τρόπος να δείχνω ένα pdf σαν κατάλογο μέσα από άρθρο (όχι να ανοίγει σε άλλο παράθυρο ή να το κατεβάζω.)
Ευχαριστώ.

Hello all,
After updating to Elxis 5.6 Oxylus, I noticed that there were changes in the template five index.php file.

Before the update, I used the following code:
// add meta tags using method using classes
elxisloader::loadFile('templates/five/includes/seometatags.class.php')."\n";
$seotags = new seometatags();
$seotags->dispseometatags();

elxisloader::loadFile('templates/five/includes/five.class.php');
$tpl5 = new templateFive();
$tplts = filemtime(ELXIS_PATH.'/templates/five/css/template'.$eLang->getinfo('RTLSFX').'.css');

Now I see the following code:
$f = ELXIS_PATH.'/templates/five/css/template'.$eLang->getinfo('RTLSFX').'.css';
$integrity = $eDoc->integrityFileHash($f);
$tplts = filemtime($f);

elxisloader::loadFile('templates/five/includes/five.class.php');
$tpl5 = new templateFive();

As I realize that this is an added security measure, as you have added
integrity="sha256-<?php echo $integrity;  and  $eDoc->getNonce(); into the html head section link.
How can I add in the seometatags.class.php file?

Another question:  I use the following js addin,
<script data-account="999999999" src="https://cdn.userway.org/widget.js"></script>Do I have to modify html script tag for security purposes?

I use CSS/JS minifier in some sites, including elxis.org, and I have not this problem.

Despite the above an other solution would be to change Elxis Defender general rules.

Open includes/libraries/elxis/defender/general.rules.php
Locate "PHP wrapper attack" line and remove the "data:" from the list

Replace this:
array('URI,QUERY', 'ftp\:|ftps\:|rtp\:|udp\:|php\:|data\:|file\:|glob\:|zlib\:|ogg\:|ssh2\:|expect\:', 'PHP wrapper attack'),
with this:
array('URI,QUERY', 'ftp\:|ftps\:|rtp\:|udp\:|php\:|file\:|glob\:|zlib\:|ogg\:|ssh2\:|expect\:', 'PHP wrapper attack'),

Hello Elxis Team,

I haven't posted here for a long time; this shows how well Elxis works. But now I have a problem with being banned multiple times (hoped it will be better after upgrading to v5.6). I cannot explain it better as I am just a normal user, please be patient.

I think it has something to do with lightbox. When I open an image I cannot see the forward, backward and close buttons (on a locally installed copy it works). When I inspect the code in a browser I see a 403 error and in the security log I have this message (something about a php wrapper attack):

2025-09-07 02:29:42 GMT [xx.x.xxx.xx - ae227021.dynamic.ppp.xxxx-net.or.jp]
Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0
REFERER: https://www."website".com/inner.php/minify/268cec204dbdfdfb8e8d2e6d364d84e7.css
GET /components/com_content/plugins/gallery/includes/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGMAAAA2CAYAAADTeCfRAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyFpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNS1jMDE0IDc5LjE1MTQ4MSwgMjAxMy8wMy8xMy0xMjowOToxNSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIE1hY2ludG9zaCIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDo5NThDMEMwNzg3NjgxMUU1QUM2MUYwRDYwNTNEN0UxMSIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDo5NThDMEMwODg3NjgxMUU1QUM2MUYwRDYwNTNEN0UxMSI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjk1OEMwQzA1ODc2ODExRTVBQzYxRjBENjA1M0Q3RTExIiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjk1OEMwQzA2ODc2ODExRTVBQzYxRjBENjA1M0Q3RTExIi8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+htE8KwAAA9BJREFUeNrsm1tIFGEYhndDI4OSLgqkMrKjBXYwCjt40QkpL4pMyoqMgigIgm6iiy66KSwpj2vrucKgpINRRhYRooQkWYEWUkaWERokhVQXbu/QOyDhpjPzz3H/Dx7W1f2+753/3X9mnPnHHwqFfDKcEWPkEEgzZEgzpBkybDbjHLhvIP8GKLNhPILgksEaFaDKKWacAMdAn4Ean8F+kGOxGXFgDyjSmZ8L9oFpurKVU1uBnAr9jZMCah1hrQLBGkciyL7FGvNymXdZb2+RG3GGYo4LrHmINS9abEiZRkMu8PNXjPQVJV4Vc9SEgclm7WqLDSkd5RdBiBGizCihmMMmDkwWe1yz2JBy9g2E+ft5o7smkWZUUMwBCwYmg71u2nQMCZhphFEzaihmt4UDk86e9TYZUsj3OaKNMGJGHcVkWjwoChvZ+7HFfQvZt42vpaJ76Em6SzHbbDBCZR01NFvct519u8yorzXhEcWk2WiESiq1tFrUT901veZrnp1mNFHEWgcYoZJMTe0m98ljn3K+z+f7oB1mtLD5agcZoZJEbZ3Ab0J9deCrwpzSB6004xWbLnegESqJ1NgNok04aFeF+XtA5MF8pA90stkiBxuhkkCtvSBGQL2iEYz415Bys8yIAu/ZZKELjFCJp+Z+EGugTgHrVGq8ClEm2oxZ4CUYAHNcZIRKHOjj6ed8A8eISo15xUaPIcP9spFFk11ohMp0bkOHxrxa5lXo7Ksack9Pvn+YpTqLwS0QDZbxRo+bYgJoBZPAZtCiIVe5QzceZBroXwP8YKfWRH+YdVOx4AOYCOJBt0uMUAz4BGLAVNDjhXvg/bwF2UdTElywLVOoN5o/97hsRv/3HvgAv10fwVuQ6ODtUO45f6HmyaDXi6tDfoMZNKMdJDlwG2ZyN/qVs/mbl5fqDILZoAO8AMkO0j8XvONJhjKLf0TKuqkF4Dl4BlY6QLty1vcGdHE39SvSFrEtBc2gCWywUfcKfjE6eHIxGKkrCleBRvAApNmgOQU8BW2crRG/vDMV1JN0C/WmcmYqZizxeSyMLO/cBG6DOyDDAq3rwRPOyhSfB8PoWtst4DrJMlGnYnwDeMjZ4c0QdGGumhfIsk246LeVtetcfOFyVEQJ8nQv+AkqwThQIqjuDnAV1ILtPo9HlMBaB/kfewCMBfkG6ylL85VnJZSroLt8kRAmTLezOpfUD+W0WQvFnIzfpEePlaeO5oE1OvOVp56+R8KuaWiYZYYMG05tZUgzpBkypBnSDBnSDGmGDGmGDGmGNEOGNEOaIUOa4YH4I8AAM9m8BFEzyDIAAAAASUVORK5CYII=
REFCODE: DEFG-0018 Request blocked, Method: URI, Rule: data:, Reason: PHP wrapper attack

Your help would be greatly appreciated.

Thank you,
Markus