evaldsmtb.se: breakage

[egonprint]

Prerequisites

• This is NOT a YouTube, Facebook, Twitch or a shortener/hosting site report. These sites MUST be reported by clicking their respective links.
• I read and understand the policy about what is a valid filter issue.
• I verified that this issue is not a duplicate. (Use this button to find out.)
• I did not remove any of the default filter lists, or I have verified that the issue was not caused by removing any of the default lists.
• I did not enable additional filter lists, or I have verified that the issue still occurs without enabling additional filter lists.
• I do not have custom filters/rules, or I have verified that the issue still occurs without custom filters/rules.
• I am not using uBlock Origin along with other content blockers.
• I have verified that the web browser's built-in content blocker/tracking protection, network wide/DNS blocking, or my VPN is not causing the issue.
• I have verified that other extensions are not causing the issue.
• If this is about a breakage or detection, I have verified that it is caused by uBlock Origin and isn't a site issue.
• I did not answer truthfully to ALL the above checkboxes.

URL address of the web page

https://www.evaldsmtb.se/

Category

breakage

Description

search is not working when uBlock is active

Other extensions used

None

Screenshot(s)

Screenshot(s)

Configuration

uBlock Origin: 1.58.0
Firefox: 127
filterset (summary):
 network: 139923
 cosmetic: 49587
 scriptlet: 20177
 html: 1863
listset (total-discarded, last-updated):
 default:
  user-filters: 0-0, never
  ublock-filters: 38949-114, 21m Δ
  ublock-badware: 8871-0, 21m Δ
  ublock-privacy: 929-2, 21m Δ
  ublock-unbreak: 2423-2, 21m Δ
  ublock-quick-fixes: 103-2, 21m Δ
  easylist: 87253-179, 21m Δ
  easyprivacy: 51096-64, 21m Δ
  urlhaus-1: 15190-0, now
  plowe-0: 3551-989, now
  SWE-1: 4714-22, now
filterset (user): [empty]
trustedset:
 added: [array of 17 redacted]
switchRuleset:
 added: [array of 1 redacted]
userSettings: [none]
hiddenSettings: [none]
supportStats:
 allReadyAfter: 476 ms (selfie)
 maxAssetCacheWait: 46 ms
 cacheBackend: indexedDB
popupPanel:
 blocked: 1
 network:
  polyfill.io: 1

[SISheogorath]

Interesting, they put polyfill.io into their dependency chain. See the callback in the URL https://cdn.polyfill.io/v3/polyfill.min.js?callback=bootShop&features=es6,Object.values,Object.entries,Object.keys,Object.assign,Array.prototype.find,Array.prototype.findIndex,Array.prototype.flatMap,Array.prototype.includes,Array.prototype.keys,Array.from,Array.prototype.fill,String.prototype.endsWith,String.prototype.startsWith,URL,IntersectionObserver,Intl.~locale.sv,Promise,fetch,Symbol,ResizeObserver&flags=gated.

That's quite unfortunate since now one has to decide between potentially backdoored polyfill or functional website. :/

I recently added polyfill.io after research dropped that their service injects malware into the resources. (#24255)

[egonprint]

That is not good. But perhaps not surprising, they know little about web dev. and most likely been using the same system for ages. I will inform they of this.

[stephenhawk8054]

@egonprint You can tell them to change the link to cloudflare's version: https://cdn.polyfill.io to https://cdnjs.cloudflare.com/polyfill/ if they can't update the code right now.

More information in: https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk

[stephenhawk8054]

Namecheap has taken down the polyfill.io domain (I can't access that domain any more even without uBO) so yeah, I think it's better for the website to update their code: https://socket.dev/blog/namecheap-takes-down-polyfill-io-service-following-supply-chain-attack