From 8634bdb6760bba0be711aa72e1e6fcfa12c48aa5 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Wed, 3 Jul 2024 21:53:44 +0200 Subject: [PATCH] fix: Do not use polyfill scripts from polyfill.io The polyfill.io domain is under the control of a bad actor, see https://sansec.io/research/polyfill-supply-chain-attack Removing it completely should be fine, it is no more needed by modern browsers now that IE11 is not a concern anymore. --- lib/jekyll-spaceship/processors/mathjax-processor.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/jekyll-spaceship/processors/mathjax-processor.rb b/lib/jekyll-spaceship/processors/mathjax-processor.rb index 4c96f86..6f4d3ad 100644 --- a/lib/jekyll-spaceship/processors/mathjax-processor.rb +++ b/lib/jekyll-spaceship/processors/mathjax-processor.rb @@ -7,7 +7,6 @@ class MathjaxProcessor < Processor def self.config { 'src' => [ - 'https://polyfill.io/v3/polyfill.min.js?features=es6', 'https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js', ], 'config' => {