Jump to content
thirty bees forum

Polyfill Malware?


jmeca

Recommended Posts

I have received several messages that Polyfill is installed on my site and that it has been recently considered as malware.

I have tried to find where it is installed to deactivate it, but I have not found anything and I do not know what function it performs.

Is there anyone who can help me to disable it? please.

Link to comment
Share on other sites

Community themes, and some third party themes, use polyfill.io service to increase browser compatibility.

Unfortunately, that service was bought by some chinese scums, and is now used to distribute malware (sonetimes)

You have to

1) investigate what js files are fetched from that service

2) download the JavaScript file and verify that it does not include malware

3) upload it to your own server

4) modify theme to use your own copy of JavaScript 

For community theme, it is this line: https://github.com/thirtybees/niara/blob/341cf27338837191882bbe859c01713c6b1bd9c7/header.tpl#L63

This one is not needed anymore, so the easiest solution us to simply delete this line.

If your theme/modules include other polyfills, you should follow the steps above

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...