[whatwg] Browser Bundled Javascript Repository
And Clover
and-py at doxdesk.com
Mon Jul 13 13:36:49 PDT 2009
I honestly can't see the benefit of bundling common libraries at all. It
requires a bunch of infrastructure to manage it and quickly becomes out
of date. Not worth it to save a few tens of K as a one-time download -
not a significant amount at all in today's terms.
What would help is if more people could link a script from a common
location so that it was already cached by the standard browser
mechanisms. This is already happening to some extent.
But linking external scripts does have a problem in that you have to
trust the site you're linking not to change the script (or get
compromised) to add malicious features. A cryptographic hash of the file
you expect could be used to mitigate this issue, perhaps for other types
of file too. And such a feature could fall within HTML5's purview.
For example:
<script type="text/javascript"
src="http://www.sharedscripts.com/jquery-1.2.3.js"
contenthash="sha1:aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d">
<link rel="stylesheet" type="text/css"
src="http://www.sharedscripts.com/nice-4.5.6.css"
contenthash="sha1:0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33">
--
And Clover
mailto:and at doxdesk.com
http://www.doxdesk.com/
More information about the whatwg
mailing list