- From: Rob Levin <roblevin@hotmail.com>
- Date: Thu, 28 Jul 2011 22:51:19 +0100
> > (2) With the rise of Javascript frameworks like JQuery, it is becoming > > best practice to separate the code from the content. All legitimate > > code can be placed in the <head> block without too much effort, for > > many sites. > In practice many developers prefer to place almost all script tags right before the closing body tag > > http://developer.yahoo.com/performance/rules.html#js_bottom Yes, I agree. There can be a performance optimisation from placing scripts at the bottom of the page. In the absence of any other factors, this has been the primary driver of advice where to place the scripts. But from a security point of view, mixing the scripts and the content is quite dangerous - it gives malicious content more opportunities to sneak in a live malicious script. If placing scripts only in the head block could give a simple and significant security enhancement, then the best-practice advice could quickly change. And hopefully with modern browsers the same performance benefits can now be realised using scripts in the head block, with the defer and/or async attribute http://stackoverflow.com/questions/3952009/defer-attribute-chrome
Received on Thursday, 28 July 2011 14:51:19 UTC