Open jurgenhaas opened 1 week ago
IMO polyfill shouldn't even be mentioned in case someone accidentally uses the compromised domain. It's hella outdated these days, not even needed.
I hope this change goes in soon.
It's not complete. There's still a link in the readme to the malicious domain:
Use #1161 instead.
Either approve https://github.com/Choices-js/Choices/pull/1161 or amend this PR to catch both references to the malicious domain -- but let's not get stuck in analysis-paralysis here. There is some urgency to closing this attack vector.
Fixes #1160