[whatwg] Browser Bundled Javascript Repository

And Clover and-py at doxdesk.com
Mon Jul 13 13:36:49 PDT 2009


I honestly can't see the benefit of bundling common libraries at all. It 
requires a bunch of infrastructure to manage it and quickly becomes out 
of date. Not worth it to save a few tens of K as a one-time download - 
not a significant amount at all in today's terms.

What would help is if more people could link a script from a common 
location so that it was already cached by the standard browser 
mechanisms. This is already happening to some extent.

But linking external scripts does have a problem in that you have to 
trust the site you're linking not to change the script (or get 
compromised) to add malicious features. A cryptographic hash of the file 
you expect could be used to mitigate this issue, perhaps for other types 
of file too. And such a feature could fall within HTML5's purview.

For example:

     <script type="text/javascript"
         src="http://www.sharedscripts.com/jquery-1.2.3.js"
         contenthash="sha1:aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d">
     <link rel="stylesheet" type="text/css"
         src="http://www.sharedscripts.com/nice-4.5.6.css"
         contenthash="sha1:0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33">

-- 
And Clover
mailto:and at doxdesk.com
http://www.doxdesk.com/



More information about the whatwg mailing list