SECURE JAVASCRIPT LIBRARIES - Hubspot not meeting the web grader requirements

kirstysweeney
Participant


Anyone know how I can get this fixed? I can't find anything on it. Is this an all over Hubspot CMS issue?

Any help appreciated.


Accepted Solutions
jmclaren
Solution
HubSpot Employee

Hey all,

I wanted to share that we have a guide for upgrading jQuery to the latest version and encourage you to check it out if you are seeing an issue with website grader.

As was stated previously by Kevin-C, upgrading jQuery across all customer websites is not a trivial task. We can't know if your modules, templates etc depend on that older version of jQuery. If we were to force upgrade everyone, it is highly likely a substantial number of websites would break.

 

Instead we would rather not require you to need jQuery at all. In today's age when JavaScript itself supports most of what jQuery was capable of out of the box, many developers actually prefer to not use jQuery in the first place. That is why you can disable jQuery. We also will not be providing new versions of jQuery through site settings. This option was originally provided because HubSpot code needed to be relying on the same version as you. HubSpot no longer needs to do that. So to give you the greatest range of freedom and a more normal development path jQuery can be fully disabled.

You can add in the latest version of jQuery if you wish by using require_js. Additionally for a small performance gain you could upload jQuery to your developer file system so you can take advantage of having all of your files in the HubSpot CDN.

Jon McLaren

Sr. CMS Developer Advocate

If my reply answered your question, please mark it as a solution, to make it easier for others to find.


8 Replies
Chris-M
Top Contributor

Hello @kirstysweeney,

 

Basically HubSpot loads an old version of jQuery as default. In "Settings -> Website -> Page -> Template" you can change the version of jQuery; you can choose between 17.X and 1.11.X... These versions will also give you a security error, since jQuery is already on 3.5.X. To fix the problem you can exclude the HubSpot default jQuery library and include your own (new version) jQuery JavaScript.

 

Here are also some references of the same issue:

https://community.hubspot.com/t5/CMS-Development/jQuery-version-security-issue-when-website-tested-o...

https://community.hubspot.com/t5/CMS-Development/Issues-with-site-speed/m-p/355186#M17565

- Chris
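An added example, not part of any post in this thread and not HubSpot code: a small Node.js check that lists the jQuery builds a page references and flags any older than a chosen minimum, which is the kind of finding behind the grader's "secure JavaScript libraries" result. The sample HTML, the file paths in it, the function names and the default minimum of 3.5.0 (taken from the 3.5.X line mentioned above) are assumptions.

```javascript
// Constructed sample: a page that still loads a legacy jQuery build next to a
// current one. Paths are hypothetical; only the version numbers matter.
const SAMPLE_HTML = `
<script src="/legacy/jquery-1.11.2.min.js"></script>
<script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
<script src="/assets/js/jquery-migrate-1.2.1.js"></script>
<script src="/assets/js/main.js"></script>`;

// Compare dotted versions numerically, so 1.7.2 sorts before 1.11.2
// (a plain string comparison would get that wrong).
function isOlder(a, b) {
  const x = a.split('.').map(Number);
  const y = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const xi = x[i] || 0, yi = y[i] || 0;
    if (xi !== yi) return xi < yi;
  }
  return false;
}

// Find <script src> tags whose file name is a jQuery core build
// (jquery-X.Y.Z[.slim][.min].js). Plugins such as jquery-migrate are skipped.
// Limitation: builds served under a renamed file are not detected.
function findJqueryScripts(html) {
  const found = [];
  const tagRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  const nameRe = /(?:^|\/)jquery[-.](\d+\.\d+(?:\.\d+)?)(?:\.min|\.slim)*\.js(?:[?#]|$)/i;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const v = nameRe.exec(m[1]);
    if (v) found.push({ src: m[1], version: v[1] });
  }
  return found;
}

// Mark each detected build as outdated when it is below the minimum version.
function auditJquery(html, minimum = '3.5.0') {
  return findJqueryScripts(html).map((s) => ({
    ...s,
    outdated: isOlder(s.version, minimum),
  }));
}

for (const r of auditJquery(SAMPLE_HTML)) {
  console.log(`${r.outdated ? 'OUTDATED' : 'ok      '} ${r.version}  ${r.src}`);
}
```

A page that reports more than one jQuery build, as the sample does, usually means the platform default is still enabled alongside the self-loaded copy.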

kirstysweeney
Participant

Is it just me, but since I pay so much for the CMS, perhaps I expect it to pass the test you publicly advocate? 🤔

 

How about Hubspot fix this issue? Just a thought!😁

Kevin-C
Key Advisor | Partner

If I'm not mistaken HS uses that older version of jQuery to ensure compatibility with older browsers. That grader tool won't take that into account as it's designed to optimize for more modern browsers. It's also very important to really understand what and how the grader is grading.

 

Upgrading all HS instances to a new version may very well alienate a customer base that does not have the ability to upgrade their browsers. That inability can be one of many reasons, from legacy B2B software, to strict IT security requirements.

 

Essentially a safety net for the lowest common denominator. You don't want to pay all that money for a website that your customer base can't use!

 

With that said, understanding the end-user, your customer, is extremely important both in the design of the site but also the technologies used. I agree this is kind of a shock if it's not fully understood and that this might have been better handled by the person that set up your instance.

 

Just my 2 cents.

 

TL;DR

Blanket solutions ≠ good idea.

Ability to individually assess and implement a solution based on user research = good idea.

 

See @Chris-M's answer for solutions or here to get it from HS.

dennisedson
Community Manager

As an update to this, jQuery is now fully optional. There is a checkbox in the settings on turning it on and off. If you need jQuery, it is recommended that you load it yourself.

There were components that required the older version of jQuery which slowed down the ability to fully remove it as a dependency. 

Thanks,

Dennis


markwilliams62
Participant

We fixed it ourselves in the end

markwilliams62
Participant

I totally agree.  I recently ran websitegrader on our site and noticed it was marked down due to this very issue. It's incredible that we as HubSpot clients can't rely on the platform to be kept updated.

Jamshaid
Member

Can you please share the URL of your website, so I take a look?
