Security issue?

JavaScript and client side scripting.

alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Security issue?

Post by alex.barylski »

I have a couple of web sites, all of which are on shared hosts physically located (God knows where). Each of them shares some common JS and I would like to centralize that JS and just reference each JS from another IP address, or basically a shared host which does nothing but deliver common code.

When a web page includes JS from a domain other than its own, that doesn't flag errors, eh?

I mean, Google does it and so do countless others, so I can't see it being a problem or causing any XSS issues. XSS is typically reserved for JavaScript running on one domain manipulating the DOM of another or similar techniques, correct?

Thanks a bunch :)
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: Security issue?

Post by Chris Corbyn »

Hockey wrote: I have a couple of web sites, all of which are on shared hosts physically located (God knows where). Each of them shares some common JS and I would like to centralize that JS and just reference each JS from another IP address, or basically a shared host which does nothing but deliver common code.

When a web page includes JS from a domain other than its own, that doesn't flag errors, eh?

I mean, Google does it and so do countless others, so I can't see it being a problem or causing any XSS issues. XSS is typically reserved for JavaScript running on one domain manipulating the DOM of another or similar techniques, correct?

Thanks a bunch :)

There are no issues, no. AdSense and things like that wouldn't work unless you could include remote scripts. The browser doesn't care, provided it can find the other domain. As for XSS issues, you have the same risk as you do if you dispatch the code from the same server. All the server is doing is serving the files in one direction.

EDIT | I'd probably set up subdomains within the domains that will use this repository so that you refer to scripts.yourdomain.com or something rather than someotherrandomdomain.com/scripts/
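
For readers setting up a shared script host like the scripts.yourdomain.com suggested above, this added example (not part of the thread, and not any poster's code) shows how a page can pin the exact file it expects using Subresource Integrity, which the thread itself does not mention. The file name common.js and the script contents are constructed for illustration.

```javascript
// Added example: Subresource Integrity (SRI) for a script served from a separate host.
const nodeCrypto = require('node:crypto');

// Constructed sample: the contents of the shared script as reviewed and deployed.
const COMMON_JS = 'function greet(name) { return "Hello, " + name; }\n';

// Build an SRI value ("<algo>-<base64 digest>") over the exact bytes of the file.
function sriHash(content, algo = 'sha384') {
  const digest = nodeCrypto.createHash(algo).update(content, 'utf8').digest('base64');
  return `${algo}-${digest}`;
}

// Emit the tag an including page would use. crossorigin="anonymous" is needed for
// the browser to run the integrity check on a cross-origin script, and the script
// host must answer with a matching Access-Control-Allow-Origin header.
function scriptTag(url, content) {
  return `<script src="${url}" integrity="${sriHash(content)}" crossorigin="anonymous"></script>`;
}

// Mirror of the browser-side check: does the fetched body match the pinned value?
function matchesIntegrity(body, integrity) {
  const dash = integrity.indexOf('-');
  if (dash < 0) return false;                       // malformed value
  const algo = integrity.slice(0, dash);
  if (!['sha256', 'sha384', 'sha512'].includes(algo)) return false; // SRI algorithms only
  const expected = Buffer.from(integrity.slice(dash + 1), 'base64');
  const actual = nodeCrypto.createHash(algo).update(body, 'utf8').digest();
  return expected.length === actual.length && nodeCrypto.timingSafeEqual(expected, actual);
}

const pinned = sriHash(COMMON_JS);
console.log(scriptTag('https://scripts.yourdomain.com/common.js', COMMON_JS));
console.log('unchanged file accepted:', matchesIntegrity(COMMON_JS, pinned));
console.log('modified file accepted: ', matchesIntegrity(COMMON_JS + '/* changed */', pinned));
```

With the integrity attribute in place, a browser refuses to run the file if the copy on the shared host no longer matches what the including site pinned, so every change to the central script requires regenerating the tag.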
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada

Post by Kieran Huggins »

While I like the subdomain suggestion, I still can't entirely see the benefit of centralizing your JavaScript to another server... Is it an app like AdWords that you're trying to keep a single revision of?