[Hidden-tech] Hacked Javascript library

Alan Frank alan at 8wheels.org
Tue Sep 24 21:19:59 UTC 2019


Thanks for all your comments and suggestions.

“When you say that it has been hacked, is it doing something obviously 
nefarious, or has it just stopped working for you?”  It is redirecting 
to Pornhub.com, which I think qualifies as nefarious.

https://github.com/twitter/typeahead.js/ -- I downloaded this and changed 
my header to reference it instead of the hacked file, but the 
functionality isn’t there.  Perhaps it is a cousin or incompatible fork. 
I will try debugging and hope I'm not over my head.

The angular typeahead library looks great; maybe someday when I have 
time to learn about angular, I will try it out.  For now, I am sticking 
to tools with no major dependencies.

“When I deploy sites,  I serve JS libraries locally as part of asset 
compilation…” I thought about doing that, but it would isolate me from 
improvements.  Still, it can’t hurt to make a local copy as backup when 
I find a good copy.

I will implement subresource integrity for the various other libraries I 
pull in and for this one if it is restored.

> On 23 Sep 2019, at 15:15, Alan Frank via Hidden-discuss wrote:
> 
>> A frequently-referenced Javascript library page for doing
>> autosuggest dropdowns has been hacked. I am trying to either contact
>> the author, find a clean copy, or even find a more appropriate place
>> than this list to seek assistance. The page is
>> //netsh.pp.ua/upwork-demo/1/js/typeahead.js. It was working fine
>> until last Friday afternoon. I went to the home page for the URL and
>> left a message shortly after I found the issue, but have gotten no
>> response. I searched for the URL; there are several hits, but none
>> where I was able to contact the author (I gave up after a while;
>> there may yet be one).
>> 
>> Any assistance would be greatly appreciated.
>> 
>> --Alan
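
The subresource integrity step mentioned in the message above, as an added example that is not part of the original post: it pins a reviewed copy of a library to a hash and rejects a copy that has since been altered. It assumes Node.js; the function names, file contents and CDN URL are constructed for illustration.

```javascript
// Added example, not code from the thread. Requires Node.js.
const { createHash } = require('node:crypto');

// Hash algorithms permitted in an integrity attribute, weakest to strongest.
const ALGS = ['sha256', 'sha384', 'sha512'];

// Build the integrity value for a copy of the file that has been reviewed.
function computeSri(bytes, alg = 'sha384') {
  if (!ALGS.includes(alg)) throw new Error(`unsupported algorithm: ${alg}`);
  return `${alg}-${createHash(alg).update(bytes).digest('base64')}`;
}

// Check bytes against an integrity value that may list several hashes.
// As in browsers, only hashes of the strongest listed algorithm count.
// Stricter than browsers: a value with no usable hash is a failure here.
function verifySri(bytes, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((tok) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+=*)/.exec(tok))
    .filter(Boolean)
    .map(([, alg, digest]) => ({ alg, digest }));
  if (entries.length === 0) return false;
  const strongest = entries.reduce(
    (best, e) => (ALGS.indexOf(e.alg) > ALGS.indexOf(best) ? e.alg : best),
    'sha256');
  const actual = createHash(strongest).update(bytes).digest('base64');
  return entries.some((e) => e.alg === strongest && e.digest === actual);
}

// Emit the tag. Cross-origin scripts need crossorigin="anonymous" so the
// browser can read the response body and compare it with the hash.
function scriptTag(url, integrity) {
  return `<script src="${url}" integrity="${integrity}" ` +
         'crossorigin="anonymous"></script>';
}

// Constructed sample data: a stand-in for the reviewed file, and the same
// file after someone appended a redirect on the remote host.
const clean = Buffer.from(
  '/* constructed stand-in for typeahead.js */\nfunction suggest(q) { return []; }\n');
const tampered = Buffer.concat([
  clean, Buffer.from('window.location = "https://redirect.example/";\n')]);

const pinned = computeSri(clean);
console.log(scriptTag('https://cdn.example/js/typeahead.js', pinned));
console.log('clean copy passes:   ', verifySri(clean, pinned));
console.log('altered copy passes: ', verifySri(tampered, pinned));
```

With the pinned hash in place, a browser refuses to execute the altered file, so the page loses the autosuggest feature rather than running the redirect.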

