FS#19045 - {archweb} https://www.archlinux.org/devel/ loads external javascript
Attached to Project:
Arch Linux
Opened by Pierre Schmitz (Pierre) - Sunday, 11 April 2010, 16:44 GMT
Last edited by Dan McGee (toofishes) - Thursday, 23 September 2010, 04:21 GMT
Opened by Pierre Schmitz (Pierre) - Sunday, 11 April 2010, 16:44 GMT
Last edited by Dan McGee (toofishes) - Thursday, 23 September 2010, 04:21 GMT
|
Details
The dev website (at least
https://www.archlinux.org/devel/) loads a javascript lirbrary from
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js. This is a security issue and could affect our site when
their's are down.
I would suggest to download that file and use a local copy. |
This task depends upon
Closed by Dan McGee (toofishes)
Thursday, 23 September 2010, 04:21 GMT
Reason for closing: Fixed
Additional comments about closing: 47c95a2821d1fb926446d2379d4b2273af5482dc
Thursday, 23 September 2010, 04:21 GMT
Reason for closing: Fixed
Additional comments about closing: 47c95a2821d1fb926446d2379d4b2273af5482dc
http://projects.archlinux.org/archweb.git/commit/?id=680ddeb0894df7d0e6939d9fc6d542ee1c585817
1. There site will not be down unless the world has caught fire, so I'm not too worried there.
2. We formerly did use a local copy, but it really isn't of any benefit unless you've looked through all of that as well and can assure me it is legit. I more than trust them to serve up the correct file. I could be convinced to use an https:// URL for it, however, when you are browsing our site on HTTPS.