home.social
Sign in Create account

#polyfillio โ€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #polyfillio, aggregated by home.social.

  1. ๐Ÿชฌ๐Ÿ„๐ŸŒˆ๐ŸŽฎ๐Ÿ’ป๐Ÿšฒ๐Ÿฅ“๐ŸŽƒ๐Ÿ’€๐Ÿด๐Ÿ›ปโ™“๐Ÿงฟ @[email protected] ยท

    Y'all remember #PolyfillIO?

    I realize the lesson there is; don't depend on code from domains you don't control, and in an ideal world that's what you should do

    But is there still a need there? Are there #webPlatform features you'd like to use but you don't want to introduce a build process just to bundle the #polyfill from #NPM?

    Or is there no point in #polyfills since #browsers don't share caches between origins these days so there's no precaching benefit anymore?

    #webDev #javaScript #web

    #polyfillio #webplatform #polyfill #npm #polyfills #browsers
  2. ๐Ÿชฌ๐Ÿ„๐ŸŒˆ๐ŸŽฎ๐Ÿ’ป๐Ÿšฒ๐Ÿฅ“๐ŸŽƒ๐Ÿ’€๐Ÿด๐Ÿ›ปโ™“๐Ÿงฟ @[email protected] ยท

    So, I'm thinking; what if I build polyfill.io, but on the Blockchain! Hey come back..

    Hear me out; #fleekfunctions are immutable, and transparent. So long as the #fleeknetwork nodes can be trusted to execute the code properly (I presume there are cryptographic guarantees of output validity) then it could be safer from supply chain attacks.

    #webDev #polyfillio #polyfill #supplyChain #hacking #web3 #blockchain #fleek #javaScript

    #fleekfunctions #fleeknetwork #webdev #polyfillio #polyfill #supplychain
  3. ๐Ÿชฌ๐Ÿ„๐ŸŒˆ๐ŸŽฎ๐Ÿ’ป๐Ÿšฒ๐Ÿฅ“๐ŸŽƒ๐Ÿ’€๐Ÿด๐Ÿ›ปโ™“๐Ÿงฟ @[email protected] ยท

    > #China-based company #Funnull acquired the domain and the GitHub account that hosted the #JavaScript code. On June 25, researchers from #security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites. The code was deliberately designed to mask the redirections by performing them only at certain times of the day and only against visitors who met specific criteria.

    arstechnica.com/security/2024/

    #polyfillio #supplyChain

    #china #funnull #javascript #security #polyfillio #supplychain
  4. iam-py-test :transgender_flag: :neocat_flag_lesbian: @[email protected] ยท

    GitHub has placed a warning on the PolyfillIO repository (github.com/polyfillpolyfill/po), and has denied access for non-logged in users. The other two repositories owned by that account are unblocked. Dismissing the warning appears to be permanent for an account.

    #PolyfillIo #polyfillIoAttack #GitHubSecurity

    #polyfillio #polyfillioattack #githubsecurity
  5. Greg Harvey ๐ŸŒ @[email protected] ยท

    Related to @jeni's post on #Drupal Quicklink (drupal.community/@jeni/1126834), there's also a #Webform risk, explained here:
    drupal.org/project/webform/iss

    You're not vulnerable just by having Webform, you have to have enabled the Choices sub module both at system and field level.

    HTH! #infosec #polyfill #polyfillio

    #drupal #webform #infosec #polyfill #polyfillio