Do all of these third-party JavaScript files pose a security risk?

When you have all these various JavaScript files that are included on the page for various services, such as website analytics, click tracking, etc., does this pose a big security risk, since with JavaScript they can grab the credit card that is entered on the form?

How is it even considered safe at the moment?

Meaning, your server is safe, your payment provider is safe, you have SSL, but if someone were to hack any of these services that people use (I see more than 10+ services that many sites use to track clicks related to advertising, etc.), they may contain a form of payment.

+4
2 answers

Yes, this is a security risk known as a third-party script include.

By including a third-party script in your page, you trust that the external domain is not malicious and is not at risk. Using the tag <script src="//example.com">, a third-party domain has full control over the DOM on your site. They can enter any desired JavaScript.

, . PageFair , , . , script, , . , , , , Google Facebook, , , , script, .

:

<script src="https://example.com/example-framework.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>

, script . script, , , - , script .

, .

+4
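The integrity attribute in the snippet above pins a third-party script to one exact file: the browser hashes what it downloads and refuses to run it when the digest differs. The following is an added example, not part of the original answer, that reproduces that check in Node.js; the script bodies are constructed sample data and the function names are hypothetical.

```javascript
// Added example: the Subresource Integrity check applied to <script integrity="...">.
const { createHash } = require("node:crypto");

const SRI_ALGS = ["sha256", "sha384", "sha512"]; // ordered weakest to strongest

// Build an integrity value ("sha384-<base64 digest>") for a script body.
function sriFor(body, alg = "sha384") {
  return `${alg}-${createHash(alg).update(body).digest("base64")}`;
}

// Parse an integrity attribute into {alg, digest} entries, dropping tokens
// with an unsupported algorithm or an empty digest.
function parseIntegrity(attr) {
  const entries = [];
  for (const token of attr.trim().split(/\s+/)) {
    const dash = token.indexOf("-");
    if (dash < 1) continue;
    const alg = token.slice(0, dash).toLowerCase();
    const digest = token.slice(dash + 1).split("?")[0]; // ignore "?options"
    if (SRI_ALGS.includes(alg) && digest) entries.push({ alg, digest });
  }
  return entries;
}

// True when the fetched body may run under the given integrity attribute.
function integrityMatches(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // nothing usable pinned: nothing enforced
  // Only the strongest algorithm present is checked; weaker entries are ignored.
  const rank = Math.max(...entries.map((e) => SRI_ALGS.indexOf(e.alg)));
  const strongest = SRI_ALGS[rank];
  const actual = createHash(strongest).update(body).digest("base64");
  return entries.some((e) => e.alg === strongest && e.digest === actual);
}

// Constructed sample data: the file as reviewed, and the same file after the
// third party (or someone who compromised it) changed what it serves.
const REVIEWED = "window.exampleFramework = { version: '1.0.0' };\n";
const CHANGED = REVIEWED + "window.exampleFramework.extra = true;\n";
const PINNED = sriFor(REVIEWED);

console.log(`integrity="${PINNED}"`);
console.log("reviewed file runs:", integrityMatches(REVIEWED, PINNED));
console.log("changed file runs: ", integrityMatches(CHANGED, PINNED));
console.log("changed file, no integrity attribute:", integrityMatches(CHANGED, ""));
```

The last line is the case the question describes: without a pinned hash, whatever the third-party host serves is executed. A pinned hash also blocks legitimate updates until the attribute is regenerated from the new file.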

. MDN , - , , - . - , . Google Analytics . .

, JavaScript HTTPS-, . , - HTTP HTTPS, , .

0

Source: https://habr.com/ru/post/1617121/

