[Hidden-tech] Hacked Javascript library

Elijah Gwynn eli at egwynn.com
Tue Sep 24 21:26:34 UTC 2019


> https://github.com/twitter/typeahead.js/ -- I downloaded this and 
> changed my header to reference it instead of the hacked file, but the 
> functionality isn’t there.  Perhaps it is a cousin or incompatible 
> fork.  I will try debugging and hope I'm not over my head.

It's also quite possible that the latest version isn't compatible with 
the version you had been using before. If you can't figure out what 
version you were using before, you could just try a few of the various 
releases they've put out and see if one of them works for you. You can 
get those at https://github.com/twitter/typeahead.js/releases.

> “When I deploy sites,  I serve JS libraries locally as part of asset 
> compilation…” I thought about doing that, but it would isolate me 
> from improvements.  Still, it can’t hurt to make a local copy as 
> backup when I find a good copy.

Yes, *do* keep backups! I'd also recommend using version control (e.g. 
`git`) for as much of your site as possible to track and manage changes.

Eli

On 24 Sep 2019, at 17:19, Alan Frank wrote:

> Thanks for all your comments and suggestions.
>
> “When you say that it has been hacked, is it doing something 
> obviously nefarious, or has it just stopped working for you?”  It is 
> redirecting to Pornhub.com, which I think qualifies as nefarious.
>
> https://github.com/twitter/typeahead.js/ -- I downloaded this and 
> changed my header to reference it instead of the hacked file, but the 
> functionality isn’t there.  Perhaps it is a cousin or incompatible 
> fork.  I will try debugging and hope I'm not over my head.
>
> The angular typeahead library looks great; maybe someday when I have 
> time to learn about angular, I will try it out.  For now, I am 
> sticking to tools with no major dependencies.
>
> “When I deploy sites,  I serve JS libraries locally as part of asset 
> compilation…” I thought about doing that, but it would isolate me 
> from improvements.  Still, it can’t hurt to make a local copy as 
> backup when I find a good copy.
>
> I will implement subresource integrity for the various other libraries 
> I pull in and for this one if it is restored.
>
>> On 23 Sep 2019, at 15:15, Alan Frank via Hidden-discuss wrote:
>>
>>> A frequently-referenced Javascript library page for doing
>>> autosuggest dropdowns has been hacked. I am trying to either contact
>>> the author, find a clean copy, or even find a more appropriate place
>>> than this list to seek assistance. The page is
>>> //netsh.pp.ua/upwork-demo/1/js/typeahead.js. It was working fine
>>> until last Friday afternoon. I went to the home page for the URL and
>>> left a message shortly after I found the issue, but have gotten no
>>> response. I searched for the URL; there are several hits, but none
>>> where I was able to contact the author (I gave up after a while;
>>> there may yet be one).
>>>
>>> Any assistance would be greatly appreciated.
>>>
>>> --Alan
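
Added example, not part of the original thread or of the typeahead.js project: the subresource integrity step mentioned above, as a Node.js sketch that pins a vetted copy of a script and applies the browser's matching rules to a later download. The file contents, the URL and the function names are constructed for illustration.

```javascript
// Added example: constructed inputs, not code from the thread.
const crypto = require("crypto");

// Hash algorithms SRI recognises, weakest to strongest.
const ALGOS = ["sha256", "sha384", "sha512"];

// Build an integrity value such as "sha384-<base64 digest>".
function sriDigest(body, algo = "sha384") {
  return algo + "-" + crypto.createHash(algo).update(body).digest("base64");
}

// Mirror the browser's check: ignore unknown algorithms, keep only the
// strongest one present, and accept if any of its digests matches.
function checkIntegrity(body, integrityAttr) {
  const entries = integrityAttr.trim().split(/\s+/)
    .map((item) => item.split("?")[0]) // drop any "?options" suffix
    .map((item) => {
      const dash = item.indexOf("-");
      return { algo: item.slice(0, dash), value: item.slice(dash + 1) };
    })
    .filter((e) => ALGOS.includes(e.algo));
  // No usable metadata means the browser loads the file unchecked,
  // so a typo in the algorithm name silently disables the protection.
  if (entries.length === 0) return true;
  const strongest = entries.reduce((a, b) =>
    ALGOS.indexOf(b.algo) > ALGOS.indexOf(a.algo) ? b : a).algo;
  const actual = sriDigest(body, strongest);
  return entries
    .filter((e) => e.algo === strongest)
    .some((e) => actual === strongest + "-" + e.value);
}

// Emit the tag to paste into the page header. crossorigin is required
// for the check to run on a script served from another origin.
function scriptTag(url, body) {
  const integrity = sriDigest(body);
  return `<script src="${url}" integrity="${integrity}" crossorigin="anonymous"></script>`;
}

// Constructed stand-ins: the copy you vetted, and the same file after
// someone appended a redirect on the remote host.
const VETTED = "function typeahead(el) { /* constructed stand-in */ }\n";
const TAMPERED = VETTED + 'window.location = "https://example.invalid/";\n';
const PINNED = sriDigest(VETTED);

console.log(scriptTag("https://cdn.example/typeahead.js", VETTED));
console.log("vetted copy passes:", checkIntegrity(VETTED, PINNED));
console.log("tampered copy passes:", checkIntegrity(TAMPERED, PINNED));
```

With the pin in place, a changed file on the remote host is refused by the browser instead of executed; the page loses the dropdown until you update the hash or switch to your local copy.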