Secure your site: Remove Polyfill references from iframe settings
polyfill.io malware security alert
The polyfill.io website has been reported to serve malicious code. The polyfill.js
script is a popular open source library to support older browsers. If your site uses this script, it is recommended that you remove it immediately.
Clover previously provided sample code in our documentation for those who wanted to support Microsoft Internet Explorer 11 browser with Clover-hosted Ecommerce Iframe. The sample code referenced a Polyfill script.
Our documentation has now been updated to remove the Polyfill example.
Secure your site
Developers using the Clover-hosted iframe integration are advised to check their code and remove any reference to
cdn.polyfill.io
.For example:
<head>
...
delete this→ <script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script> ←
<script src="https://checkout.sandbox.dev.clover.com/sdk.js"></script>
</head>
For additional information about the security concern with using polyfill script, see the related announcement.
References to advisories and related announcements:
- CVE-2024-38526
- Polyfill supply chain attack hits 100K+ sites
- GitHub Security Advisories:
By selecting these links, you will be leaving the Clover Developer Documentation site.
We provided these links to other websites for informational purposes only.
No inference of endorsement should be drawn for any commercial products, views, or
facts presented on these sites.
Updated 1 day ago