Doesn’t using Google CDN for jquery break the rule of not using cross domain requests on the webpage. Do we trust Google enough to do this?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Doesn’t using Google CDN for jquery break the rule of not using cross domain requests on the webpage. Do we trust Google enough to do this?
The use of script tags from a foreign website are allowed within the browser itself. Because it is presumed that you intend to load this functionality. The scripts loaded are not able to communicate directly with the foreign domain though (XHR same-origin, except with CORS). Now, this is precisely why you don’t want to allow for un-checked user input that could load a script from a foreign site. It is possible for a foreign script to do things you don’t want, but if it is from a trusted source, it should be fine.
If google was caught to be using an injection via their CDN, there would be severe backlash, and I doubt it would ever happen, and if it did, would be corrected far more quickly than you would even notice the issue.