security: remove polyfill.io script tag

[sinatragianpaolo]

Summary

• Removes the polyfill.io CDN script tag from public/index.html

The polyfill.io domain was sold in 2024 to an external company that started injecting malicious JavaScript into CDN responses, targeting mobile users with redirects to scam sites. The original library author publicly recommended against using it, and AGID published an official advisory.

All loaded features (String.prototype.replaceAll, IntersectionObserver, Array.prototype.map, Array.prototype.reduce) are natively supported by all browsers released in the last 5 years — no alternative polyfill is needed.

Reference: https://www.agid.gov.it/it/notizie/polyfillio-il-cert-agid-consiglia-alle-pa-che-lo-utilizzano-sui-loro-siti-di-rimuoverlo

Test plan

• Verify the app loads correctly in Chrome, Firefox, Safari
• Verify no console errors related to missing polyfills
• Check that features using replaceAll, IntersectionObserver, map, reduce still work as expected

[currents-bot]

❌

Currents Tests: Tryber.me tests failed after 3m 46.8s

🟢 241 · 🔴 1 · ⚪️ 0 · 🟣 1

View Run Details

Run Details

• Project: Tryber.me

• Groups: 1

• Framework: Playwright

• Run Status: Failed

• Commit: 3d594c9

• Spec files: 13

• Overall tests: 242

• Duration: 3m 46.8s

• Parallelization: 0

Failed Spec Files

Spec File	Failures
e2e/wallet/table_net_gross.spec.ts	1

---

This message was posted automatically by currents.dev | Integration Settings