Code: Select all
<?php echo Theme::css('https://cdn.simplecss.org/simple.min.css', false); ?>Also undisclosed remote asset inclusion is a compliance issue with EU's GDPR laws (as I think the author is based in France).
Non-Local inclusion on Simple.css, tracking
-
kbeezie
- Ssr. Bludit
- Posts: 18
- Joined: Sun May 03, 2026 9:20 pm
- Has thanked: 2 times
- Been thanked: 3 times
In the head.php line 15 it includes the main theme's style sheet remotely.
The stylesheet should be included with the theme as to not risk issues when the cdn goes down or gets compromised, and to alleviate privacy/tracking concerns of those who installed the theme without giving consent to have their installation tracked by referral.
Also undisclosed remote asset inclusion is a compliance issue with EU's GDPR laws (as I think the author is based in France).
Also undisclosed remote asset inclusion is a compliance issue with EU's GDPR laws (as I think the author is based in France).
-
Edi
- Site Admin
- Posts: 3121
- Joined: Sun Aug 09, 2015 5:01 pm
- Location: Zurich
- Has thanked: 77 times
- Been thanked: 120 times
- Contact:
I would write the author of the theme:
https://jboisseur.xyz
or
https://github.com/jboisseur?tab=repositories
You can do it or I can do it as soon as I will be back from my holidays next week.
Perhaps there is a certain reason to use the external stylesheet.
https://jboisseur.xyz
or
https://github.com/jboisseur?tab=repositories
You can do it or I can do it as soon as I will be back from my holidays next week.
Perhaps there is a certain reason to use the external stylesheet.
-
kbeezie
- Ssr. Bludit
- Posts: 18
- Joined: Sun May 03, 2026 9:20 pm
- Has thanked: 2 times
- Been thanked: 3 times
There's no reason that I can see given the content of it, outside of possibly tracking page loads/traffic. At the very least disclose that there is an externally loaded asset that isn't google/boostrap/jquery.Edi wrote: Sat May 09, 2026 9:42 am Perhaps there is a certain reason to use the external stylesheet.
Especially when they're already loading a local style sheet that it could have gone into
Code: Select all
<!-- Include CSS Styles from this theme -->
<?php echo Theme::css('https://cdn.simplecss.org/simple.min.css', false); ?>
<?php echo Theme::css('css/style.css'); ?>
If they change something, it should be changed along with a new release of the theme, rather than risk breaking all the sites that have the theme installed. And if their site is compromised, then so is every site that installed the theme without knowing they are loading an external asset (though everyone should be checking anyways).
I didn't see a contact on github but I do see they have a Indeed. ... but it seems I can't contact thru Indeed without paying a subscription, and I don't see a contact option on github.
Bludit is a lightweight Content Management System (CMS), it's completely free and open source.
Latest stable release: Bludit v3.21.0 (ImperialEagle), 1.5.2026
Download
Become a patron of Bludit and get Bludit Pro!
Official website - Offizielle Website - Sitio web oficial
Documentation - Themes - Plugins
Community chat: Discord
Development: GitHub
Bludit CMS em Língua Portuguesa
Documentação e repositório para o Bludit.
Deutschsprachiger Newsletter
Mit dem Abonnieren des Newsletters wird das Einverständnis erteilt, die angegebene E-Mail-Adresse zu speichern und für den Versand des deutschprachigen Bludit-Newsletters zu verwenden. Der Newsletter kann jederzeit abbestellt werden.