security: remove polyfill.io script tag from public/index.html

sinatragianpaolo · sinatragianpaolo · commit 3d594c9e59c0 · 2026-03-09T18:15:24.000+01:00
The polyfill.io domain was compromised in 2024 and used to inject
malicious JavaScript via CDN responses. All loaded features (replaceAll,
IntersectionObserver, map, reduce) are natively supported by all modern
browsers — no alternative needed.
diff --git a/public/index.html b/public/index.html
@@ -79,7 +79,6 @@
       type="text/css"
       media="all"
     />
-    <script src="https://polyfill.io/v3/polyfill.min.js?features=String.prototype.replaceAll%2CIntersectionObserver%2CArray.prototype.map%2CArray.prototype.reduce"></script>
     <script
       type="text/javascript"
       src="https://maps.googleapis.com/maps/api/js?key=AIzaSyDy8e6_8uv8JnNZFRXng6HfbhnhvobWyac&libraries=places"
