Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Last week, news circulated that polyfill.io had been acquired by a Chinese company and that they modified a JavaScript library to redirect users to malicious and scam websites. Google was alerting Google Ads users about this.

More than 110,000 websites were affected, see this article.

Whilst we didn’t receive any direct reports of users experiencing these issues, Polyfill is a service that ConvertBox uses to help older browsers support modern browser functionality, specifically for users on iOS 9 or IE11 and earlier. Thankfully, these make up less than 0.5% of internet traffic.

Last week, shortly after this became known, we removed our dependency on polyfill.io. A number of popular CDNs such as Cloudflare have offered alternative endpoints for the Polyfill library, and we switched to a non-compromised version of the library hosted by Fastly.com.

Since last week we’ve had a number of frequently asked questions, both in our community and via support, and we address them below:

  1. What do I need to do?
    There are no code changes or updates to your website that you need to make yourself. Polyfill.io is no longer called by ConvertBox, and new visitors to your site will automatically receive the updated code.
  2. My ConvertBoxes are not loading.
    If you’ve visited previously, your browser may be caching the old ConvertBox script, which still makes calls to the old polyfill.io domain, so you may need to clear your browser cache to start seeing your ConvertBoxes again.

    If you want to ‘test’ things, we always recommend using a private browser window.

    Still can’t see your ConvertBoxes loading? Be sure to run through our checklist.
  3. Why can I still see Polyfill being loaded on my site?
    Polyfill is still called by ConvertBox, but we now use a safe version hosted by Fastly.com. You will see the script loaded from the domain polyfill-fastly.io, which is their CDN.
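
If you want to confirm for yourself which domain a page's polyfill script is being served from, the following is an added example (not ConvertBox's code) that audits the `<script src>` references in a page's HTML and reports which ones still point at polyfill.io and which point at the Fastly-hosted replacement named above. The host lists, the `example.invalid` base used to resolve relative paths, and the sample HTML are all constructed for this example.

```javascript
// Added example, not ConvertBox code: classify every <script src="..."> in a
// page's HTML by host so a site owner can spot lingering polyfill.io references.
// Host lists are constructed for this example from the domains named in the post.
const COMPROMISED_HOSTS = ["polyfill.io"];          // the hijacked service
const REPLACEMENT_HOSTS = ["polyfill-fastly.io"];   // the Fastly-hosted alternative

// A host matches if it equals the listed domain or is a subdomain of it
// (so cdn.polyfill.io is treated the same as polyfill.io).
function hostMatches(hostname, domains) {
  return domains.some((d) => hostname === d || hostname.endsWith("." + d));
}

function classifyHost(hostname) {
  if (hostMatches(hostname, COMPROMISED_HOSTS)) return "compromised";
  if (hostMatches(hostname, REPLACEMENT_HOSTS)) return "replacement";
  return "other";
}

// Extract each script's src attribute and resolve it to a hostname.
// Protocol-relative URLs (//host/path) are common for CDN includes, so
// they are given an https: scheme before parsing.
function auditScriptSources(html) {
  const results = [];
  const scriptSrc = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  let match;
  while ((match = scriptSrc.exec(html)) !== null) {
    const src = match[1];
    const absolute = src.startsWith("//") ? "https:" + src : src;
    let host = "";
    try {
      // example.invalid is a placeholder base so same-origin paths resolve
      // to a host that can never match either list.
      host = new URL(absolute, "https://example.invalid/").hostname.toLowerCase();
    } catch (_err) {
      host = "";
    }
    results.push({ src, host, status: classifyHost(host) });
  }
  return results;
}

// True if any script on the page still loads from the compromised service.
function hasCompromisedReference(html) {
  return auditScriptSources(html).some((r) => r.status === "compromised");
}

// Constructed sample page: one stale polyfill.io include, one include from
// the Fastly-hosted replacement, and one ordinary same-origin script.
const SAMPLE_HTML = `
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src="//polyfill-fastly.io/v3/polyfill.min.js?features=default"></script>
<script src="/js/site.js" defer></script>
</head><body></body></html>`;

console.table(auditScriptSources(SAMPLE_HTML));
console.log("Still references polyfill.io:", hasCompromisedReference(SAMPLE_HTML));
```

Run it against the HTML of a page you control (for example the source saved from a private browser window, so a cached copy of the old script does not skew the result); any row marked `compromised` is a reference that still needs to be replaced or removed.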
