Polyfill.io Vulnerability: Is Liferay affected?
knowledge-article-header-disclaimer-how-to
knowledge-article-header-disclaimer
legacy-article
learn-legacy-article-disclaimer-text
Issue
-
An attribute
polyfill:true is observed in the source code of the website.
- Does it have anything to do with the domain 'https://polyfill.io'?
- Is Liferay affected by the Polyfill.js vulnerability?
Environment
- All environments [DXP 7.0 - DXP 7.4]
Resolution
- Polyfill is a common programming term, like
mock , stub , algorithm. It often refers to JavaScript code that implements an HTML5 or CSS web standard, either an established standard (supported by some browsers) on older browsers, or a proposed standard (not supported by any browsers) on existing browsers.
- The domain 'https://polyfill.io' provides "polyfills" that add functionality to older browsers built into newer versions.
- However, Liferay doesn't rely
cdn.polyfill.io or other *.polyfil.io domains to retrieve any polyfills and is not exposed to Polyfill.js vulnerability.
-
Please note that the third-party dependencies could include the polyfills from the domain 'https://polyfill.io' dynamically, so it is recommended that users should check any custom themes or developments to make sure they don’t use this URL to get their polyfills either.
did-this-article-resolve-your-issue
