Preloading using JS instead of a tag from Jeffrey Yasskin on 2020-08-27 (public-web-perf@w3.org from August 2020)

From: Jeffrey Yasskin <jyasskin@google.com>
Date: Thu, 27 Aug 2020 13:05:30 -0700
To: public-web-perf@w3.org
Cc: Krzysztof Kotowicz <koto@google.com>, Hayato Ito <hayato@google.com>
Message-ID: <CANh-dXnWtB_pVSG-fwiNkPfYAU=y3bSb2dSbh-TzcNAcDhER9g@mail.gmail.com>

Hi Web Perf experts,

We're working <https://www.chromestatus.com/feature/5710618575241216> on
using (unsigned) web bundles to help with preloading subresources. The
current design is at
https://github.com/WICG/webpackage/blob/master/explainers/subresource-loading.md,
but roughly the idea is that a page would build a bundle of the
subresources it intends to use and put a

<link rel="webbundle" href="/the_bundle.wbn" scope="/resources">

with their other preloads (or one of several variations). After that,

<script src="/resources/foo.js">

would find the version in the bundle instead of having to fetch it
independently.

In https://github.com/WICG/webpackage/issues/580, Krzysztof worries that
adding any new way for a <link> tag to affect script loading is a security
risk, because pages may not be as careful about preventing users from
injecting <link> tags as they are about <script> tags. Instead, he suggests
using a Javascript API to tell the browser to preload subresources using a
bundle.

What do folks here think?

Thanks,
Jeffrey

Received on Thursday, 27 August 2020 20:05:55 UTC