
Secure Javascript Library?


I ran my site through websitegrader to check its performance, and one metric where it got a 5/10 was security, with this description:

SECURE JAVASCRIPT LIBRARIES
I'm not feeling safe here.
Intruders can exploit outdated JavaScript libraries. Using the latest version of each library and updating it regularly will help keep you safe.

However, there is no JavaScript in Settings -> Advanced -> Code Injection, header, footer, lock page, etc. Is there another library I can update?


JavaScript libraries would be libraries like jQuery. Many folks find some code examples they want to use that were created ages ago and use those versions that reference old libraries that were surpassed by many newer versions. So that report point is quite correct on suggesting updating libraries. Now you have to be careful because just throwing in a newer version of a library may actually break the old code that used the old version of the library code.

Also be aware that SS probably uses a few JS libraries that you have no control over. There is no way for you to access SS's backend to update those libraries.

Please post the URL for a page on your site where we can see your issue.

A link to the backend of your site won’t work for us, i.e. a URL that contains /config/.

Please set up a site-wide password, if your site is not public and you've not already done so.

Post the password here.

Adding a site-wide password does not allow anyone to alter your site. It only allows those with the password to see your site.

Please read the site-wide password and how to share a link documentation to understand how they work.

We can then take a look at your issue.

You may find How to post a forum question post useful.

Find my contributions useful? Please like, upvote, mark my answer as the best ( solution ), and see my profile. Thanks for your support! I am a Squarespace ( and other technological things ) consultant open for new projects.

Quote

gave me a 5/10 for security stating the JS libraries were vulnerable.

This could refer to Subresource Integrity. It's a way for the browser to know if the JS libraries you are loading have not been tampered with.

You have no control over the JS libraries SS loads and no way to add the required information so that the reporting tool would stop complaining.

You of course can spend the time with any JS libraries you added yourself.

I'd say don't jump through hoops because some tool tells you to. It's a hint, not a rule.

On 1/26/2023 at 12:25 AM, Notacoder said:

I ran my site through websitegrader to check its performance, and one metric where it got a 5/10 was security. However, there is no JavaScript in Settings -> Advanced -> Code Injection, header, footer, lock page, etc.

The tool is giving good general advice but the security grading is incorrect because it is a generic tool that hasn't been built to check Squarespace, and cannot tell the difference between the approved built-in libraries that Squarespace host and potentially dangerous third party libraries.

If you were loading JavaScript through a Code Injection panel (or in a Code Block) then you would definitely want to follow the advice (and @creedon's comments) to ensure you are using the latest verified version of the library, but as your site is only loading the libraries that Squarespace have checked, there should be no cause for concern.


About me: I'm Paul. A SQSP User for 18 yrs, I joined Circle when it launched in 2016 and have been a Circle Leader since 2017. I value honesty, transparency, diversity and good design ♥.
Work: Founder of SF.DIGITAL, providing expertise and extensions to supercharge your Squarespace website. 
Content: Views and opinions are my own. Links in my posts may refer to my own SF.DIGITAL products or may be affiliate links.
Forum advice is free. You can thank me by clicking one of the feedback emojis below. Coffee fuels my work.
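
For libraries you add yourself through Code Injection or a Code Block, the Subresource Integrity check mentioned in this thread can be done by hand. The following is an added example, not code from any poster or from Squarespace: it lists third-party script tags that have no integrity attribute and computes the value to paste into the tag. The host names, file names and sample page are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALGS = ("sha256", "sha384", "sha512")  # SRI hash algorithms, weakest to strongest

def sri_value(content: bytes, alg: str = "sha384") -> str:
    """Build the integrity attribute value for a script body."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

def matches(content: bytes, integrity: str) -> bool:
    """Compare content against the strongest algorithm listed in integrity."""
    tokens = integrity.split()
    present = [a for a in ALGS if any(t.startswith(a + "-") for t in tokens)]
    return bool(present) and sri_value(content, present[-1]) in tokens

class ScriptAudit(HTMLParser):
    """Record every external <script> and whether it carries integrity."""
    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag != "script" or not a.get("src"):
            return  # inline scripts have no src, so SRI does not apply
        host = urlparse(a["src"]).netloc or self.site_host
        self.findings.append((a["src"], host != self.site_host, a.get("integrity")))

def missing_sri(html: str, site_host: str) -> list:
    """Return third-party script URLs that have no integrity attribute."""
    audit = ScriptAudit(site_host)
    audit.feed(html)
    return [src for src, third_party, sri in audit.findings if third_party and not sri]

# Constructed sample: a library body and a page that loads three scripts.
SAMPLE_LIB = b"window.demoLib = {version: '1.0.0'};"
SAMPLE_HTML = f"""
<script src="/static/site.js"></script>
<script src="https://cdn.example.net/old-lib.min.js"></script>
<script src="https://cdn.example.net/demo-lib.js"
        integrity="{sri_value(SAMPLE_LIB)}" crossorigin="anonymous"></script>
"""

if __name__ == "__main__":
    for src in missing_sri(SAMPLE_HTML, "www.example.com"):
        print("no integrity attribute:", src)
    print("tag to paste:", sri_value(SAMPLE_LIB))
```

The hash has to be recomputed whenever the library file changes, so pin the script URL to a specific version rather than a "latest" alias.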
