W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2009

[whatwg] Browser Bundled Javascript Repository

From: And Clover <and-py@doxdesk.com>
Date: Mon, 13 Jul 2009 22:36:49 +0200
Message-ID: <4A5B9AE1.7050306@doxdesk.com>
I honestly can't see the benefit of bundling common libraries at all. It 
requires a bunch of infrastructure to manage it and quickly becomes out 
of date. Not worth it to save a few tens of K as a one-time download - 
not a significant amount at all in today's terms.

What would help is if more people could link a script from a common 
location so that it was already cached by the standard browser 
mechanisms. This is already happening to some extent.

But linking external scripts does have a problem in that you have to 
trust the site you're linking not to change the script (or get 
compromised) to add malicious features. A cryptographic hash of the file 
you expect could be used to mitigate this issue, perhaps for other types 
of file too. And such a feature could fall within HTML5's purview.

For example:

     <script type="text/javascript"
         src="http://www.sharedscripts.com/jquery-1.2.3.js"
         contenthash="sha1:aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d">
     <link rel="stylesheet" type="text/css"
         src="http://www.sharedscripts.com/nice-4.5.6.css"
         contenthash="sha1:0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33">

-- 
And Clover
mailto:and at doxdesk.com
http://www.doxdesk.com/
Received on Monday, 13 July 2009 13:36:49 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:14 UTC