jquery is permitted only to be stopped by Decentraleyes, which reroutes the request locally to deliver jquery from a browser-local source.
Not the best option, but at least the attackvector is not at jquery at that moment. You have to trust the AddOns-Source, though.
@alsternerd I generally don't embed things from random CDNs... just serve it from my own server
One of the first Mastodon instances, there is no specific topic we're into, just enjoy your time!