Description
Considering the criticality of the stored data, it is important not to embed any external resources. Embedding them makes the security of this web page reliant on an untrusted third-party provider.
A short grep of the source code shows that data is loaded, for example, from:
netdna.bootstrapcdn.com
cdnjs.cloudflare.com
ajax.googleapis.com
maxcdn.bootstrapcdn.com
The loaded content also includes JavaScript files. This means that if these providers, for any reason (e.g. a malicious owner or being hacked), deliver malicious content, they can execute arbitrary JavaScript in the user context.
Proposed actions
Recommended: Do not deliver content from external resources
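The grep described above can be made repeatable with a small audit script. This is an added example, not code from the project: the first-party host `example.org`, the sample markup and its resource paths are constructed, and only the four CDN hostnames come from the report.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose attribute makes the browser fetch a resource.
FETCH_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src"}

class ExternalResourceFinder(HTMLParser):
    """Collects resources fetched from hosts other than the first-party host."""
    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host.lower()
        self.found = defaultdict(list)  # host -> [(tag, url), ...]

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        # <link> is only counted when it loads a stylesheet.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        url = attrs.get(attr)
        if not url:
            return
        # urlsplit also resolves protocol-relative URLs ("//host/path").
        host = urlsplit(url).hostname
        if host and host != self.first_party:
            self.found[host].append((tag, url))

def external_resources(html, first_party_host):
    finder = ExternalResourceFinder(first_party_host)
    finder.feed(html)
    return dict(finder.found)

def script_hosts(found):
    """Hosts that deliver JavaScript, i.e. can run code in the user context."""
    return sorted(h for h, items in found.items() if any(t == "script" for t, _ in items))

# Constructed sample page; paths are placeholders.
SAMPLE_HTML = """
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/constructed/bootstrap.min.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/constructed/font.css">
<script src="https://ajax.googleapis.com/constructed/jquery.min.js"></script>
<script src="//cdnjs.cloudflare.com/constructed/lib.min.js"></script>
<script src="/static/app.js"></script>
<img src="https://example.org/logo.png">
"""

if __name__ == "__main__":
    for host, items in sorted(external_resources(SAMPLE_HTML, "example.org").items()):
        print(host, [tag for tag, _ in items])
```

Run against every template in CI, an empty result means the recommendation is met; any host returned by `script_hosts` is one that can execute code in the user context.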