mortenson / pr-sneaking

A repository demonstrating how you can sneak malicious code into Github PRs

Fix bug where $ is undefined. #1

Closed mortenson closed 8 months ago

mortenson commented 7 years ago

$ is not always globally available on my site, so we should use the global jQuery if it is available.

WidgetsBurritos commented 7 years ago

A safety mechanism to protect against this is to never accept PR changes for anything in dist/. We only ever update our dist during version bumps.
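The policy described in the comment above (changes under dist/ are rejected unless they arrive as part of a version bump) is easy to automate as a pre-merge check. The following is an added example, not code from the pr-sneaking repository or from either commenter; it assumes the project keeps its version in a top-level package.json and that the check is run over the PR's unified diff (for example the output of `git diff --name-status` replaced here by a full `git diff`). The two diffs in the block are constructed samples.

```python
"""Pre-merge policy check: flag pull requests that touch dist/ unless the same
PR also bumps the version in package.json.

Added example, not part of mortenson/pr-sneaking. The file paths, the diff
samples and the package.json convention are assumptions for illustration.
"""
import re
from typing import List, Optional, Tuple

DIST_PREFIX = "dist/"          # built artifacts that PRs must not edit by hand
VERSION_FILE = "package.json"  # assumed location of the project version

# "diff --git a/<old> b/<new>" opens each file section of a unified diff.
_FILE_HEADER = re.compile(r"^diff --git a/(\S+) b/(\S+)$")
# A removed or added line that sets the "version" field in package.json.
_VERSION_LINE = re.compile(r'^([+-])\s*"version"\s*:\s*"([^"]+)"')


def changed_files(diff_text: str) -> List[str]:
    """Return every path touched by the diff (the b/ side of each file header)."""
    files = []
    for line in diff_text.splitlines():
        m = _FILE_HEADER.match(line)
        if m:
            files.append(m.group(2))
    return files


def version_bump(diff_text: str) -> Optional[Tuple[str, str]]:
    """Return (old, new) if the diff changes package.json's "version", else None."""
    in_version_file = False
    old = new = None
    for line in diff_text.splitlines():
        m = _FILE_HEADER.match(line)
        if m:
            # Only lines inside the package.json section count.
            in_version_file = m.group(2) == VERSION_FILE
            continue
        if not in_version_file:
            continue
        v = _VERSION_LINE.match(line)
        if v:
            if v.group(1) == "-":
                old = v.group(2)
            else:
                new = v.group(2)
    if old and new and old != new:
        return old, new
    return None


def dist_violations(diff_text: str) -> List[str]:
    """Paths under dist/ that this PR is not allowed to change.

    An empty list means the PR passes: either it leaves dist/ alone, or it is a
    release PR that rebuilds dist/ alongside a version bump.
    """
    touched = [p for p in changed_files(diff_text) if p.startswith(DIST_PREFIX)]
    if touched and version_bump(diff_text):
        return []
    return touched


# Constructed sample: a "bug fix" PR that edits source and a built file in dist/.
SNEAKY_PR = """\
diff --git a/src/widget.js b/src/widget.js
--- a/src/widget.js
+++ b/src/widget.js
@@ -1,3 +1,3 @@
-var $ = window.$;
+var $ = window.jQuery || window.$;
diff --git a/dist/widget.min.js b/dist/widget.min.js
--- a/dist/widget.min.js
+++ b/dist/widget.min.js
@@ -1 +1 @@
-var $=window.$;
+var $=window.jQuery||window.$;
"""

# Constructed sample: the same dist/ change, but shipped as a version bump.
RELEASE_PR = """\
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -1,4 +1,4 @@
 {
   "name": "widget",
-  "version": "1.0.0",
+  "version": "1.0.1",
 }
""" + SNEAKY_PR


if __name__ == "__main__":
    for name, diff in (("sneaky", SNEAKY_PR), ("release", RELEASE_PR)):
        bad = dist_violations(diff)
        print(f"{name}: {'REJECT ' + ', '.join(bad) if bad else 'ok'}")
```

In CI this would run against `git diff origin/main...HEAD` and fail the job whenever `dist_violations` is non-empty; reviewers then only ever see dist/ changes on release PRs, where the built output can be regenerated and compared rather than read.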

mortenson commented 7 years ago

@WidgetsBurritos Once I have more examples I should probably make a mitigations section of the README.

WidgetsBurritos commented 7 years ago

@mortenson cool. I'll keep an eye out