IE8 has a feature called InPrivate Filtering, which will block scripts it finds on webpages from more than ‘n’ different sites.
I’m listening to the most recent ‘Security Now’ podcast which is raving about this feature as being great.
At the very same time I’m screaming NOOO! What the *#&$ — because my site (as does many many others) includes the following (jQuery + SWFObject). i.e. I’m using Google’s CDN to host my jQuery.
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js'></script> <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js'></script> So whats the deal – should I stop usin jQuery and swfobject from a CDN ?
Whats everybody else doing?
**Edit: ** I couldn’t find out if they keep a list of ‘trusted sites’ or not, but according to this from Microsoft the InPrivate filtering is per session. So at least someone has to actively enable it every session.
InPrivate Filtering is off by default and must be enabled on a per-session basis. To use this feature, select InPrivate Filtering from the Safety menu. To access and manage different filtering options for Internet Explorer 8, select InPrivate Filtering Settings from the Safety menu. To end your InPrivate Browsing session, simply close the browser window.
If your site has content that people would not want cached (bank site, porn, or something else ‘sensitive’), then I would not use an externally hosted file. Or if your site is just totally broken if the file does not load I would consider it. But if your site is anything else, I wouldn’t worry about it. I don’t think this is a feature most people will use if they want to hide their tracks. And if they really want to, let them deal with the consequences.