[Hidden-tech] Hacked Javascript library
Alan Frank
alan at 8wheels.org
Tue Sep 24 21:19:59 UTC 2019
Thanks for all your comments and suggestions.
“When you say that it has been hacked, is it doing something obviously
nefarious, or has it just stopped working for you?” It is redirecting
to Pornhub.com, which I think qualifies as nefarious.
https://github.com/twitter/typeahead.js/--I downloaded this and changed
my header to reference it instead of the hacked file, but the
functionality isn’t there. Perhaps it is a cousin or incompatible fork.
I will try debugging and hope I'm not over my head.
The angular typeahead library looks great; maybe someday when I have
time to learn about angular, I will try it out. For now, I am sticking
to tools with no major dependencies.
“When I deploy sites, I serve JS libraries locally as part of asset
compilation…” I thought about doing that, but it would isolate me from
improvements. Still, it can’t hurt to make a local copy as backup when
I find a good copy.
I will implement subresource integrity for the various other libraries I
pull in and for this one if it is restored.
> On 23 Sep 2019, at 15:15, Alan Frank via Hidden-discuss wrote:
>
>> A frequently-referenced Javascript library page for doing
>> autosuggest dropdowns has been hacked. I am trying to either contact
>> the author, find a clean copy, or even find a more appropriate place
>> than this list to seek assistance. The page is
>> //netsh.pp.ua/upwork-demo/1/js/typeahead.js. It was working fine
>> until last Friday afternoon. I went to the home page for the URL and
>> left a message shortly after I found the issue, but have gotten no
>> response. I searched for the URL; there are several hits, but none
>> where I was able to contact the author (I gave up after a while;
>> there may yet be one).
>>
>> Any assistance would be greatly appreciated.
>>
>> --Alan
More information about the Hidden-discuss
mailing list