okikio / bundlejs

An online tool to quickly bundle & minify your projects while viewing the compressed gzip/brotli bundle size, all running locally in your browser.
https://bundlejs.com
MIT License

[SECURITY VULNERABILITY] In your codebase is a reference to the cdn.polyfill.io service #71

Closed PriNova closed 2 months ago

PriNova commented 2 months ago

https://github.com/okikio/bundlejs/blob/55ac6fed60d9f86656e0b6d318052508b90b05bc/src/assets/_headers#L18

This file is using the cdn.polyfill.io service, which is known for injecting malicious code.

Please use the Cloudflare polyfill service.

https://x.com/WeldPond/status/1805973940642119900

okikio commented 2 months ago

Thanks for the find. I stopped using polyfill.io a couple of years ago; I just commented it out at the time, but I guess I hadn't removed the old comments. I've now removed all references to polyfill.io.
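A defender-side check suggested by this thread, added here as an example and not code from the bundlejs project: scan a source tree for any reference to a flagged domain, reporting commented-out hits separately, since a stale comment (like the `_headers` line above) can be uncommented or copied back into a live config. The sample files, the `scan_sources` helper and the comment-detection heuristic are constructed for this example.

```python
import re
from dataclasses import dataclass

# Domain family flagged in the issue (cdn.polyfill.io is a host under it).
FLAGGED_DOMAINS = ("polyfill.io",)

@dataclass(frozen=True)
class Hit:
    path: str
    line_no: int
    domain: str
    commented: bool  # reference lives in a comment; still worth deleting

def _is_comment(path: str, line: str) -> bool:
    """Heuristic: '#' comments in _headers/_redirects, common syntaxes elsewhere."""
    s = line.lstrip()
    if path.endswith(("_headers", "_redirects")):
        return s.startswith("#")
    return s.startswith(("#", "//", "/*", "*", "<!--"))

def scan_text(path: str, text: str, domains=FLAGGED_DOMAINS) -> list[Hit]:
    hits = []
    for no, line in enumerate(text.splitlines(), start=1):
        for d in domains:
            # Match the domain or any host under it, but not look-alike identifiers.
            if re.search(r"(?<![\w-])" + re.escape(d) + r"(?![\w-])", line, re.I):
                hits.append(Hit(path, no, d, _is_comment(path, line)))
    return hits

def scan_sources(files: dict[str, str]) -> list[Hit]:
    """Scan an in-memory {path: contents} map; swap in Path.rglob for a real tree."""
    return [h for p, t in files.items() for h in scan_text(p, t)]

# Constructed sample files resembling the situation in the issue.
SAMPLE_FILES = {
    "src/assets/_headers": (
        "/*\n"
        "  X-Frame-Options: DENY\n"
        "  # Link: <https://cdn.polyfill.io/v3/polyfill.min.js>; rel=preload; as=script\n"
    ),
    "index.html": '<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>\n',
    "src/util.ts": "export const polyfillio = false; // unrelated identifier\n",
}

if __name__ == "__main__":
    for h in scan_sources(SAMPLE_FILES):
        print(f"{h.path}:{h.line_no}: {h.domain} ({'commented' if h.commented else 'LIVE'})")
```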