Update jquery and leverage SRI
rc-mattschwager opened this issue
rc-mattschwager commented
Hi there,
I have a few suggestions for improving the security of the third-party jquery
script loaded here: https://github.com/sourcey/spectacle/blob/master/app/views/partials/layout/head.hbs#L9
- Upgrade `jquery` to the latest version - there are currently known CVEs in `2.1.4`: https://snyk.io/test/npm/jquery/2.1.4
- Leverage SRI on the `script` attribute: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
These security issues were noted in a website generated by this tool.