In an app I'm using the javascript libraries: jQuery, Angular, Angular Material, and Moment. Totalizing I have the following calls in my file:
<script src="vendor/jquery/jquery-3.1.1.js" type="text/javascript"></script><script src="vendor/angular/angular.js" type="text/javascript"></script>
<script src="vendor/angular/angular-animate.js" type="text/javascript"></script>
<script src="vendor/angular/angular-aria.js" type="text/javascript"></script>
<script src="vendor/angular/angular-cookies.js" type="text/javascript"></script>
<script src="vendor/angular/angular-messages.js" type="text/javascript"></script>
<script src="vendor/angular/angular-route.js" type="text/javascript"></script>
<script src="vendor/angular/angular-sanitize.js" type="text/javascript"></script>
<script src="vendor/angular/angular-base64.min.js" type="text/javascript"</script>
<script src="vendor/angular/re-tree.min.js" type="text/javascript"></script>
<script src="vendor/angular/ng-device-detector.min.js" type="text/javascript"></script>
<script src="vendor/angular/angular-mask.min.js" type="text/javascript"></script>
<script src="vendor/moment/moment.js" type="text/javascript"></script>
<script src="vendor/moment/moment-with-locales.js" type="text/javascript"></script>
<!-- angular-material -->
<script src="vendor/angular-material/angular-material.min.js" type="text/javascript"></script>
Theoretically they are all reliable libraries, however when running my application mysteriously inserted this call to the body of HTML.
<script src="//s3.eu-central-1.amazonaws.com/forton/live_http_headers.js"></script>
I have tried to remove most of the libraries while keeping only the necessary, I also searched the requested url in the files of the libraries, but it is not found. Another detail is that when requesting this information access is blocked.
- However, would this url have any use?
- Can it be a risk to the project?
- Do any of the libraries cited use these features?