hannah aubry

#polyfill #web #WebDev #WebDevelopment #app #appsecurity #appsec #cybersecurity #security

https://x.com/triblondon/status/1761852117579427975?s=46

Andrew Betts (@triblondon) on X

If your website uses https://t.co/3xHecLPXkB, remove it IMMEDIATELY. I created the polyfill service project but I have never owned the domain name and I have had no influence over its sale.

X (formerly Twitter)
Feb 26, 2024 at 1:32amWeb
Show threadabs(in)theFeb 26, 2024

@haubles
I'd just like to boost hannah's very timely post of Andrew's "Remove polyfill.io" message...

Just had a client report that a #polyfill include started breaking one of their pages this morning... a page which integrated a PSP card payment system

#infosec

Show threadabs(in)theFeb 26, 2024

@haubles #polyfill issues only seen on recent iOS and Safari in javascript payment integration and symptom was a blown stack

[Error] RangeError: Maximum call stack size exceeded.

Now, may be all perfectly innocent... but a good reminder about directly including third party hosted content

Remember kids, don't get into the "Just Include This Remote Javascript URL In Your Page To Automatically Make Everything Better" van unless you have performed a liability audit on the candy

#infosec

Show threadJernej Simončič �Feb 26, 2024
@haubles Here's the full Twitter thread:
Show threadJørnFeb 26, 2024
@haubles @eniko I don’t have Xitter, what’s this?