[gkop]

I agree it's overblown (based on the article).

Was it sourced from a particular SHA or a "latest" link?

[Aaron1011]

Oddly enough, it appears to have linked to the project's Github Pages site: 'https://igorescobar.github.io/jQuery-Mask-Plugin/js/jquery.m... (see https://web.archive.org/web/20160817080309/https://secure.do... for the original page).

This still wasn't a good idea, but for a different reason - it's relying on the demo at https://igorescobar.github.io/jQuery-Mask-Plugin/ continuing to exist, and continuing to host the plugin at that same path.

[ianhawes]

Full disclosure, this mistake was not made by the campaign directly, but rather by Revv.co, who is the payments software provider (not processor, DJT is using Stripe).