Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
we have online site (application). we are letting developers / opensource community to easily embed there plugins / applications easily with javascript code.
we were wondering, should we host the file on our domain and server or should we let developers host there own files and just include there files in the site.
which method do you think it will be safe to go with?
Allowing arbitrary JavaScript in pages on your domain is dangerous. It will get full access to the data on your site (that is available to the user accessing the page) no matter where it is hosted.
If you host it yourself you can audit it (manually or automatically) before you publish it.
If you allow third parties to host it, they can change it at any time.