arulrajnet / attila

Pelican version of ghost theme https://github.com/zutrinken/attila
MIT License

Includes Front-End JavaScript Libraries With Known Security Vulnerabilities #50

Closed sio closed 5 years ago

sio commented 5 years ago

The issue subject is the error that pops up when running Google Chrome's audit on the generated website. It's triggered because Attila uses an outdated jQuery version: 1.11.3. Here is what Google's help says about it: https://developers.google.com/web/tools/lighthouse/audits/vulnerabilities?utm_source=lighthouse&utm_medium=devtools

Because of #34 it will be difficult to upgrade to a newer version of jQuery. We could just change the URL and see if everything else works without any modifications. Other options are rewriting the JS from scratch and importing newer scripts from the Ghost theme.

I am not qualified to judge the severity of the existing vulnerabilities and whether they may be exploited with Attila. I'm submitting this issue in the hope that someone offers a solution or a workaround.

sio commented 5 years ago

Oh-oh-oh... Our script.js is not just the code for the theme; it also contains the whole jQuery library, obfuscated beyond my understanding.

The good news is that Attila's JS might not be as complex as it appears from the size of that file. The bad news is that we cannot update jQuery unless we somehow separate it from the rest of the code.
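A small audit helper for the situation described in this thread, added here as an example rather than code from the Attila project: it scans a bundle such as script.js for the version banner jQuery ships in its own source, compares what it finds against a floor you configure (the default floor, the sample bundle and the helper names are assumptions for this example), and reports a bundle with no recognisable banner as "unknown" rather than silently passing it.

```python
import re
from typing import Dict, List, Tuple

# The banner jQuery ships at the top of every build ("/*! jQuery v1.11.3 ..."
# in minified files, "jQuery JavaScript Library v1.11.3" in full files). The
# leading "/*!" keeps most minifiers from stripping it, so it usually survives
# when jQuery is concatenated into a theme bundle.
_BANNER = re.compile(r"jQuery(?:\s+JavaScript\s+Library)?\s+v(\d+\.\d+\.\d+)")

# Constructed sample standing in for a bundle with jQuery concatenated in front
# of the theme's own code; it is not the Attila script.js.
SAMPLE_BUNDLE = (
    "/*! jQuery v1.11.3 | (c) 2005, 2015 jQuery Foundation, Inc. | "
    "jquery.org/license */\n"
    '!function(a,b){"use strict";var l="1.11.3";/* ... */}(window);\n'
    "/* theme code */ $(function(){ $('.nav').toggleClass('open'); });\n"
)

# Floor used by the audit; an assumption for this example, not a claim about
# which release closes every advisory. Set it from the advisories you track.
DEFAULT_MIN_VERSION = "3.5.0"


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.11.3' -> (1, 11, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def find_jquery_versions(bundle: str) -> List[str]:
    """Every jQuery version banner found in a (possibly concatenated) bundle."""
    return _BANNER.findall(bundle)


def audit_bundle(bundle: str, min_version: str = DEFAULT_MIN_VERSION) -> Dict[str, object]:
    """Classify a bundle as 'outdated', 'ok', or 'unknown' (no banner found).

    'unknown' is deliberately not 'ok': a stripped banner means the bundle still
    needs a manual look, which is exactly the situation the issue describes.
    """
    found = find_jquery_versions(bundle)
    floor = parse_version(min_version)
    outdated = [v for v in found if parse_version(v) < floor]
    if not found:
        status = "unknown"
    elif outdated:
        status = "outdated"
    else:
        status = "ok"
    return {"versions": found, "outdated": outdated, "status": status}


if __name__ == "__main__":
    print(audit_bundle(SAMPLE_BUNDLE))
```

Point it at the real script.js (`audit_bundle(open("script.js").read())`) to confirm the bundled version before and after any swap of the jQuery URL.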