Results 1 to 5 of 5
  1. #1
    Join Date
    Nov 2008
    Posts
    183
    Plugin Contributions
    0

    Default external calls to jquery.com

    zc156c
    php7.2x
    mysql5.7x

    Unless I'm mistaken, it appears that both the front end and the admin side make calls to jquery.com .

    If this is happening, can it be prevented by adding some additional content from jquery to my website and have it called locally instead?

    What if jquery.com goes down, or disappears, will my site still work? What if jquery gets hacked, could that cause something bad to be injected back into the store?

    Having calls from the admin side would likely be sending the name of my admin directory to someone else, not something I really care to have happening.

    Just a little concerned about security and having to depend on a third party site for proper operation of my store.

    thanks,
    Ed

  2. #2
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    8,956
    Plugin Contributions
    71

    Default Re: external calls to jquery.com

    The jQuery 'load' in the zc156c admin occurs from /admin/includes/javascript_loader.php:
    Code:
    <?php
    /**
     * This file is inserted at the start of the body tag, just above the header menu, and loads most of the admin javascript components
     *
     * @package admin
     * @copyright Copyright 2003-2019 Zen Cart Development Team
     * @copyright Portions Copyright 2003 osCommerce
     * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
     * @version $Id: Zen4All 2019 Apr 25 Modified in v1.5.6b $
     */
    ?>
    <script>window.jQuery || document.write('<script src="https://code.jquery.com/jquery-3.4.0.min.js" integrity="sha256-BJeo0qm959uMBGb65z40ejJYGSgR7REI4+CW1fNKwOg=" crossorigin="anonymous""><\/script>');</script>
    <script>window.jQuery || document.write('<script src="includes/javascript/jquery-3.4.0.min.js"><\/script>');</script>
    
    <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
    <!--<script src="https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js" integrity="sha384-aJ21OjlMXNL5UyIl/XNwTMqvzeRMZH2w8c5cRVpzpU8Y5bApTppSuUkhZXN0VxHd" crossorigin="anonymous"></script>-->
    <script src="includes/javascript/bootstrap.min.js"></script>
    
    <script src="includes/javascript/jquery-ui-i18n.min.js"></script>
    <script>
    // init datepicker defaults with localization
    $(function(){
      $.datepicker.setDefaults($.extend({}, $.datepicker.regional["<?php echo $_SESSION['languages_code'] == 'en' ? '' : $_SESSION['languages_code']; ?>"], {
          dateFormat: '<?php echo DATE_FORMAT_DATE_PICKER; ?>',
          changeMonth: true,
          changeYear: true,
          showOtherMonths: true,
          selectOtherMonths: true,
          showButtonPanel: true
      }) );
    });
    </script>
    <?php if (file_exists(DIR_WS_INCLUDES . 'keepalive_module.php')) require(DIR_WS_INCLUDES . 'keepalive_module.php'); ?>
    
    <?php require DIR_FS_CATALOG . 'includes/templates/template_default/jscript/jscript_framework.php'; ?>
    You can comment-out the highlighted line, above, to cause the locally-available version of jQuery to be loaded. I'm not sure why the admin requires jquery-ui.js (I'm sure that someone knowledgeable can chime in).

  3. #3
    Join Date
    Dec 2007
    Location
    Payson, AZ
    Posts
    869
    Plugin Contributions
    12

    Default Re: external calls to jquery.com

    CDN...

    A CDN is a network of computers that delivers content. More specifically, it's a bunch of servers geographically positioned between the origin server of some web content, and the user requesting it, all with the purpose of delivering the content faster by reducing latency.
    So I really don't think they would go down as often as your own site or hacked... You can maintain your own version but keep in mind that it wont get any bug fixes or updates, you well have to do it yourself..

    jquery-ui.js helps with the calendar and many form fields..
    Dave
    Always forward thinking... MySite..

  4. #4
    Join Date
    Nov 2008
    Posts
    183
    Plugin Contributions
    0

    Default Re: external calls to jquery.com

    Thanks for the replies and info. It just seemed like executing code from another site could be a potential source of trouble.

  5. #5
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    6,607
    Plugin Contributions
    260

    Default Re: external calls to jquery.com

    Pulling it in from the CDN is actually the preferred approach.
    That Software Guy, Plugin Moderator. Store: Zen Cart Modifications
    Available for hire - See my ad in Services
    Contributions: Quantity Discounts, Better Together, SMS on Sale, Gift Wrap at Checkout, and more.

 

 

Similar Threads

  1. Replies: 2
    Last Post: 29 Mar 2016, 01:47 PM
  2. External Link Opens Internal - Not External - Page
    By missTish! in forum Templates, Stylesheets, Page Layout
    Replies: 1
    Last Post: 20 Apr 2011, 01:18 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR