Let us look for DOM-XSS sinks and sources for this and related javascript library destinations on cloudflare…
Results from scanning URL: -https://www.security.nl/js/jquery/jquery.securitynl.js?13757912339
Number of sources found: 117 ; number of sinks found: 55
Results from scanning URL: -https://cdnjs.cloudflare.com/ajax/libs/iCheck/1.0.2/icheck.min.js
Number of sources found: 15 ; number of sinks found: 2
Results from scanning URL: -https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.5/js/select2.min.js
Number of sources found: 11 ; number of sinks found: 2
Results from scanning URL: -https://cdn.onesignal.com/sdks/OneSignalSDK.js
Number of sources found: 11 ; number of sinks found: 2
or
Results from scanning URL: -https://cdn.onesignal.com/sdks/OneSignalSDK.js
Number of sources found: 148 ; number of sinks found: 27
Security Checks for -https://www.security.nl/js/jquery/jquery.securitynl.js?13757912339
Susceptible to man-in-the-middle attacks
Insecure SSL/TLS versions available
SSL expires soon
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion
Emails can be fraudulently sent
Lenient SPF filtering
DMARC not enabled
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)