|
From: | Davis Herring |
Subject: | Re: Condition to link to javascript code? |
Date: | Tue, 20 Dec 2016 12:10:23 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 |
If it's a choice between linking to klipse.js on the same server and linking to klipse.js on the Google server, I see no particular ethical reason to prefer one or the other.
Are you concerned about the XSS possibilities if the other host (Google in this case) decided to change the JavaScript served at the well-known address to take advantage of its inclusion in a webpage with a security context?
Certainly the use of "standard" JavaScript libraries loaded from foreign servers is commonplace, but I think the security concern is at least worth considering (unless I completely misunderstand it).
Davis --This product is sold by volume, not by mass. If it appears too dense or too sparse, it is because mass-energy conversion has occurred during shipping.
[Prev in Thread] | Current Thread | [Next in Thread] |