From f94eb970e166023e5410a88a842254ed322e4088 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tr=E1=BA=A7n=20B=C3=A1ch?= <45133811+barttran2k@users.noreply.github.com> Date: Tue, 7 Apr 2026 00:05:17 +0700 Subject: [PATCH] fix(security): unpinned cdn dependency for marked.js (supply chai MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `marked` library is loaded from jsDelivr without a pinned version (`https://cdn.jsdelivr.net/npm/marked/marked.min.js`). This means the latest version is always fetched. If the npm package is compromised or a breaking/malicious update is published, users of this page would automatically receive the compromised code. Affected files: index.html Signed-off-by: Trần Bách <45133811+barttran2k@users.noreply.github.com> --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index 5f90ae39..bc5be50b 100644 --- a/index.html +++ b/index.html @@ -35,10 +35,10 @@
- + - +
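Review bot: In the index.html hunk at `@@ -35,10 +35,10 @@`, two lines are replaced, but the commit message names only the one `marked` URL and never says which version it is now pinned to or what the second changed line is. Please state the exact pinned version in the message and account for both replaced lines, so the change can be checked against what the page loaded before. A version-pinned jsDelivr URL also still trusts the CDN to serve the same bytes on every request; if the new script tags do not already carry `integrity="sha384-..."` and `crossorigin="anonymous"`, add them in this patch so the browser refuses a file whose hash differs from the one reviewed.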