Quote:
Originally Posted by X-or
First the product shows nonsensical results which were reported, but the author didn't react.
Secondly the product definitely uses external content and the author didn't put the proper warning, for example in admincp/slowplugins.php
line 15 : <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
I have recently received an email on a mail address I have never used besides receiving notifications from my vBulletin. I'm trying to find where the backdoor is, and this one product seems to be the most suspicious of all; it has left tons of data in the SQL database even after uninstall.
I think the code of this product should definitely be audited.
X-or never said that jQuery was malicious; he said the call to jQuery is use of external content, which it technically is. However, when the flag for "Uses external content" was created (over a decade ago, probably closer to 15 years), it was intended for mods that used code presumably hosted by the mod creator, not necessarily open, public, and used all over the web.
In the decade and a half since the external code flag was created, it has become much more common to link to safe, reliable libraries hosted by sites like Google.
vBulletin does this too, but as an option. No one has to make external calls to Google to use vBulletin, but it's smart to do so.
Whether a call to external jQuery rises to the level of needing to click the external content flag is a debate for site moderators; I can see good points for both sides.