[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Condition to link to javascript code?

From: Davis Herring
Subject: Re: Condition to link to javascript code?
Date: Tue, 20 Dec 2016 12:10:23 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1

If it's a choice between linking to klipse.js on the same server
and linking to klipse.js on the Google server, I see no particular
ethical reason to prefer one or the other.

Are you concerned about the XSS possibilities if the other host (Google in this case) decided to change the JavaScript served at the well-known address to take advantage of its inclusion in a webpage with a security context?

Certainly the use of "standard" JavaScript libraries loaded from foreign servers is commonplace, but I think the security concern is at least worth considering (unless I completely misunderstand it).


This product is sold by volume, not by mass. If it appears too dense or too sparse, it is because mass-energy conversion has occurred during shipping.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]