Remove reference to infected polyfill.io script

verbb / formie

The most user-friendly forms plugin for Craft CMS.

Other

93 stars 69 forks source link

Remove reference to infected polyfill.io script #1957

Closed jordyvanderhaegen closed 4 days ago

jordyvanderhaegen commented 4 days ago

Hi!

The documentation mentions a reference to polyfill.io, which was recently found to be infected.

This PR removes the reference entirely, as fetch and promises are now supported by most major browsers.

engram-design commented 4 days ago

Thanks for this and the explanation, what a disappointing end to a nifty project! Great that there's a Cloudflare alternative, but thankfully this is really no longer needed with evergreen browsers out there.

MattWilcox commented 3 days ago

Sorry, I'm not clear on this - has todays update (2.1.20) actually fixed this security issue with Polyfill.io? I don't see that in the changelog notes?

MattWilcox commented 3 days ago

Also, is Formie 1.6.x impacted?

engram-design commented 3 days ago

No version of Formie is directly impacted by this, technically. These are example templates that recommended to include the polyfill if you used the cache-busting JS we provided. As such, this is code included on your end in your project.

it can be simply and safely revoked from your project.

MattWilcox commented 3 days ago

Ahhh, awesome - thanks!