jquery is permitted only to be stopped by Decentraleyes, which reroutes the request locally to deliver jquery from a browser-local source.
Not the best option, but at least the attackvector is not at jquery at that moment. You have to trust the AddOns-Source, though.
@alsternerd I generally don't embed things from random CDNs... just serve it from my own server
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!