[Hidden-tech] Hacked Javascript library
Elijah Gwynn
eli at egwynn.com
Mon Sep 23 19:38:36 UTC 2019
https://github.com/twitter/typeahead.js/
FYI It's a good idea to use [Subresource
Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity)
attributes on your externally-loaded resources to defend against these
scenarios.
Eli
On 23 Sep 2019, at 15:15, Alan Frank via Hidden-discuss wrote:
> A frequently-referenced Javascript library page for doing autosuggest
> dropdowns has been hacked. I am trying to either contact the author,
> find a clean copy, or even find a more appropriate place than this
> list to seek assistance. The page is
> //netsh.pp.ua/upwork-demo/1/js/typeahead.js. It was working fine
> until last Friday afternoon. I went to the home page for the URL and
> left a message shortly after I found the issue, but have gotten no
> response. I searched for the URL; there are several hits, but none
> where I was able to contact the author (I gave up after a while; there
> may yet be one).
>
> Any assistance would be greatly appreciated.
>
> --Alan
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion
> list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20190923/b1abf630/attachment-0001.html>
More information about the Hidden-discuss
mailing list