- From: <bugzilla@jessica.w3.org>
- Date: Wed, 24 Nov 2010 22:15:30 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11402 Summary: One problem of todays JavaScript libraries is, that the client has to download the same library over and over again, while visiting multiple sites. One could use services like Google Libraries API for a central location, but that introduces new points of Product: HTML WG Version: unspecified Platform: Other URL: http://www.whatwg.org/specs/web-apps/current-work/#top OS/Version: other Status: NEW Severity: normal Priority: P3 Component: HTML Canvas 2D Context (editor: Ian Hickson) AssignedTo: ian@hixie.ch ReportedBy: contributor@whatwg.org QAContact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-wg-issue-tracking@w3.org, public-html@w3.org Specification: http://dev.w3.org/html5/spec/Overview.html Section: http://www.whatwg.org/specs/web-apps/current-work/complete.html#top Comment: One problem of todays JavaScript libraries is, that the client has to download the same library over and over again, while visiting multiple sites. One could use services like Google Libraries API for a central location, but that introduces new points of failure. For example, Google might be blocked in certain countries, or might be hacked. To solve this, I propose a new attribute for the script tag. I would call it "hash", but that may change. Its value should contain a hash algorithm name, followed by the hash sum of the referenced JavaScript source. If the browser recognizes the attribute, supports the requested hash algorithm and the sum matches the JavaScript source, it can cache the file in a special way: If another site references the same hash algorithm and hash sum, it may use the cached library, even if the src attribute doesn't match. If one of the mentioned conditions is not met, the hash attribute should be ignored. I think, the HTML5 specs shouldn't request certain hash algorithms, as they may brake or better algorithms may be discovered, but it should recommend the support of sha1 and sha256. jQuery for example could be referenced like this: <script src="jquery-1.4.4.min.js" hash="sha1:b75990598ee8d3895448ed9d08726af63109f842"></script> or: <script src="jquery-1.4.4.min.js" hash="sha256:517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c" ></script> Posted from: 80.171.214.158 -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Wednesday, 24 November 2010 22:15:33 UTC