Hotlinking to source code repositories is dangerous for the web

Ronny,

A tiny cookie-thief is hidden far after the visible 'end of line', making it difficult to notice

If you're linking to a JavaScript file hosted on a source code repository, you're putting your site and the web at risk.

Code repos could be compromised fairly easily, either by hacking into maintainers' computers or GitHub accounts, or by simply submitting innocent-looking patches which contain malicious code. If your favorite open source project does 'catch something' and your site hotlinks to it, your users will get the malicious code within minutes.
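To check your own pages for this, here is an added example (not code from the article) that lists `<script>` tags loaded from repository hosts and flags script lines where code resumes after a long run of whitespace, the trick shown in the screenshot caption. The host list, function names, the 40-character gap and the sample inputs are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this audit treats as source code repositories.
REPO_HOSTS = ("github.com", "raw.githubusercontent.com",
              "gist.githubusercontent.com", "gitlab.com", "bitbucket.org")

class _ScriptAudit(HTMLParser):
    """Collects (line, src) for <script src> tags served from a repo host."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if not src:
            return
        # Absolute and //host/path URLs yield a hostname; relative paths do not.
        host = (urlparse(src.strip()).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in REPO_HOSTS):
            self.findings.append((self.getpos()[0], src))

def hotlinked_scripts(html):
    parser = _ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

def hidden_tails(js_text, gap=40):
    """Lines where code resumes after >= gap spaces/tabs, i.e. off-screen."""
    pat = re.compile(r"\S[ \t]{%d,}(\S.*)$" % gap)
    hits = []
    for n, line in enumerate(js_text.splitlines(), 1):
        m = pat.search(line)
        if m:
            hits.append((n, m.group(1)))
    return hits

# Constructed sample inputs (not from the article).
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://raw.githubusercontent.com/example-org/example-lib/master/lib.js"></script>
<script src="//cdn.example.net/lib.js"></script>
</head></html>"""
SAMPLE_JS = "function init() {\n  setup();" + " " * 200 + "hiddenCall();\n}\n"

if __name__ == "__main__":
    print(hotlinked_scripts(SAMPLE_HTML), hidden_tails(SAMPLE_JS))
```

Each finding carries the line number in the scanned input, so the output can be fed straight into a code-review or CI report.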
