What is the most lightweight way to include the jQuery lib into a page dynamically? I'm working on a page where sometimes it runs a few custom scripts (10 lines) and other times the entire jquery is also needed.
+1
A:
Well once the user has already downloaded JQuery, it's cached on their system, so including it after the first initial download is really trivial. You might as well just include it on the pate that you need it on and not worry about trying to add it into the JS runtime later on during the page.
Kevin
2009-10-23 14:17:47
+1
A:
Include it from Google's CDN:
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
There's a big chance your clients will already have jQuery cached in their browsers.
Darin Dimitrov
2009-10-23 14:20:04
I don't trust Google with this. I think this practices is a huge security issue... and I'm waiting for the rest of the webdev world to wake up and smell the coffee. I'd like to serve the files myself. I trust me.
tyndall
2009-10-23 14:26:59
I wonder if you could write code to check the contents of the jQuery library pulled from google and compute a checksum or something. Of course, a rogue version of jQuery could potentially corrupt the Javascript environment sufficiently that you couldn't trust your checksum code anyway.
Pointy
2009-10-23 14:30:32
I admit I trust Google more than most companies. But think about all the companies that offer "share this" widgets and people include their scripts on their pages. I don't trust these random companies at all. I someone hacks one of these sites they can inject any script on to your page.... for Phishing or redir you to an exploit etc......
tyndall
2009-10-23 14:36:48
There needs to be a larger discussion in the web community about a new standard to sandbox some of these 3rd party scripts. I think I have heard other people talk about this in terms of Eval-ing JSON. (similar issues)
tyndall
2009-10-23 14:38:29
new browsers have built in json decode thats not just eval. much better. but like everything on the web, there'll always be the holdouts (i'm looking at you, IE).
Justin
2009-10-23 16:03:20
+4
A:
Just add a script tag for jQuery when you need it:
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = 'http://www.example.com/jquery.js';
document.body.appendChild(script);
ujh
2009-10-23 14:21:13
A:
May be you'll find Google AJAX APIs usefull. You can call load jQuery whenever you need by calling:
google.load("jquery", "1");
Ivan Nevostruev
2009-10-23 14:21:17
+1
A:
Yeah, I'd just include it always - its small, and if you use the google cdn it'll hopefully already be cached.
If you MUST load it on demand, you can write the code for appending a script tag to the body. This code is fairly common.
void((function(){
var e=document.createElement('script');
e.setAttribute('type','text/javascript');
e.setAttribute('src','jquery.js');
document.body.appendChild(e)
})());
Justin
2009-10-23 14:24:50
+1
A:
Just go ahead and include it.
If you have other pages where you use jQuery then it's probably already cached if they do much on your site (or visit it with any frequency). Use the minified form, though. The logic of using Google applies, but the likelihood of cache is smaller.
W.r.t your comments: How often do you validate the pages on your own site? If your site did get cracked, how soon would you know? If the Google-hosted code was altered, the speed of discovery would be many orders of magnitude higher, and the implications to your site would be relatively small, IMO.
Carter Galle
2009-10-23 14:55:11
A:
<script src="http://www.google.com/jsapi"></script>
<script>
//your awesome google
google.load("jquery", "1");
</script>
i have no clue why these guys are saying that google is a security issue and they dont want google to serve it. yall are wrong (or give me reasons why) id say its more likely for you to download a bad or changed version of jquery (you should alwase go to the site) than google giving you issues. googles awesome and they make it easy, host if for you and prolly have more throughput than you weak webserver so why wouldnt you use it?
sorry for dup code im still getting started on this site but i cant find reply button
Carter Cole
2009-10-23 15:47:19
I don't want to trust other webservers that's all. I won't allow a 3rd Party to inject script on to my pages. Even if I think I know what they are injecting. Because they can (1) move it (2) change it (3) they could get hacked and then do anything they want with my page. I realize with Google this is a little less likely. But why not just go the safe route.
tyndall
2009-10-26 17:02:23