How envato reviewers review items without even looking at them

My first script on Codecanyon got rejected today. and telling me about SQL injection, XSS, CSRF issues. the item is fully protected from all that security issues.

The sad part is the reviewer is not even checked my item. :frowning: I can confirm that. because my item is recording each and every user sessions data. I chacked those data right after receive my rejection email from envato. so there is no any user sessions are recorded other than mine. so I can confirm that who ever review my item is not actually checked my item. telling me blah blah…

here is proof:

If you guys want to check my item

Login data:

password: Admin@123

They don’t have to look at your item to review it, not necessarily anyway. I’m no code wizard, but take an After Effects template for example… if the preview video is too far off the standard, then there’s no point at even opening the actual project file. Not sure if that’s the case with yours, just providing a possible example.

And I see lots of low quality script getting approved daily. I’m not telling my script is awesome but its much better than some of scripts allready on codecanyon.

I think reviewer noticed, Im a new author. so I dont have any other items in my portfolio. so him/her rejected my item right away. without even looking at it.

script demo also hosted on github pages. so its freaking fast. and has all the information to get started.

docs url:

dedicated item homepage:

This is not a after effect file. my item is a web based script. how reviewer get a good idea without even checking item demo?

You tell me! Is there any possible way that the reviewer could get any idea of the quality of the item, without physically visiting the demo page? I’m assuming he doesn’t manually check for these SQL injection, XSS, CSRF things?

Not checking out your demo page is one thing, but making up a rejection reason is another… is it possible that there are actually SQL injection, XSS, CSRF issues? Maybe the best course of action would be to find out how the reviewers check for this thing and make sure that your criteria for making sure there aren’t SQL injection, XSS, CSRF issues is the same as the reviewers? Just a thought!

Yes I guarantee, because my script is built on latest Codeigniter framework. it is come with built-in by default MySQL protection, XSS protection and etc. and my script’s all forms are submit with a CSRF token. you guys can even check that by simply viewing html form source.