hugo-theme-zzo icon indicating copy to clipboard operation
hugo-theme-zzo copied to clipboard
verified publisher icon zzossig

Recurrent update of embedded Java Script libraries

Open szpak opened this issue 5 years ago • 4 comments

It would be good to occasionally (especially on the regular basis) update versions of the embedded libraries. There could be some security (or regular) issues fixed (and of course some new introduced :) ).

szpak avatar Jun 30 '20 20:06 szpak

Why not use a cdn? AFAIK CDNs are much more appreciated rather than local css/js.

rahatzamancse avatar Jul 01 '20 06:07 rahatzamancse

yes i also support cdn

ahmadkakarr avatar Jul 19 '20 13:07 ahmadkakarr

I have forked this project and changed everything I needed to CDN in the CDN branch myself. If @zzossig wants, I can clean up and give a PR.

rahatzamancse avatar Jul 19 '20 14:07 rahatzamancse

@rahatzamancse For your (and your users) safety, you could use Subresource Integrity to verify the loaded library is the one you intended.

There are online generators to make the entries generation easier.

szpak avatar Aug 02 '20 19:08 szpak