mirror of
https://github.com/onkelbeh/cheatsheets.git
synced 2025-10-15 23:18:52 +02:00
5c9fd725cf
A warning is added to the polyfill.io sheet in relation to the malicious script that is now being served by polyfill.io. Removed all links to that domain. The code snippets have also been updated to use Cloudflare's script instead. This allows users to keep using polyfill securely while they move their codebase away from using this polyfill. Cloudflare press release: https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk Fixes #2145 --------- Co-authored-by: Rico Sta. Cruz <rstacruz@users.noreply.github.com>
1.5 KiB
1.5 KiB
title, category, updated, intro
| title | category | updated | intro |
|---|---|---|---|
| Polyfill.io | JavaScript libraries | 2024-06-26 | Polyfill.io is a service that serves JavaScript polyfills. |
Usage
Critical security warning
⚠️ The polyfill.io CDN domain is currently being used in a web supply chain attack and is serving malicious code. Remove any references to this domain from your codebase immediately. Use alternative CDN providers like cdnjs.cloudflare.com as shown in the examples below.
Default usage
<script src="https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js"></script>
{: .-wrap}
This is the default script for Polyfill.io.
References
- Cloudflare now serves polyfill.io (blog.cloudflare.com)
Optimized
For modern browsers
<script>if(!(window.Promise&&[].includes&&Object.assign&&window.Map)){document.write('<script src="https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js"></scr'+'ipt>')}</script>
This only includes polyfill.io when necessary, skipping it for modern browsers for faster load times.
Extra features
<script>if(!(window.fetch&&window.Promise&&[].includes&&Object.assign&&window.Map)){document.write('<script src="https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js?features=default,fetch"></scr'+'ipt>')}</script>
This is the same as the previous, but also adds a polyfill for window.fetch(). We add a window.fetch check and loads the additional fetch feature.