Closed aspiwack closed 3 months ago
CC @reubenharry The only reference to polyfill I could find is in docs/mkdocs.yml
Do you know what it does, and how we can remove that?
From what I read in https://developer.mozilla.org/en-US/docs/Glossary/Polyfill we should be safe to simply remove the one line referencing polyfill. The website will stop working as intended on older browsers, but that's the whole downside.
Then let's remove for now, and we can think later about whether we want to regain the functionality.
(Immediate mitigation done in #349 )
Don't remember/know. Pretty sure it's ok to remove.
Ok, then, let's leave it like this, and if we want it again, we'll open a new issue/PR/thing.
Thanks both.
It appears that the documentation uses an extension hosted in the polyfill.io domain. This domain has apparently been compromised https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-websites-all-you-need-to-know delivering malicious javascript to its client.
Let's not wait.