views:

192

answers:

3

I've seen it recommended to reference jQuery via:

<script type="text/javascript"
    src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
</script>

The idea being most people already have a cached copy on their client.

What if a hacker replaces that file on google's server? They could do an infinite number of "evil" things from $(document).ready().

Am I paranoid or is this bad practice?

Edit: Obviously this is a matter of opinion. But I think the best answer is ceejayoz's comment:

It might be illegal for a bank. Check your local privacy and data security laws.

+2  A: 

Google has far more tempting targets than their jQuery host (unless it gets used by banks), so I wouldn't worry too much.

Also, I would guess that your webserver is easier to hack than Google's servers.

SLaks
My webserver also presents a far less tempting target, as no one is referencing my local copy of jQuery other than me, as opposed to the thousands of sites targeting Google's. You may be right about the more tempting targets at Google (see also: recent news stories involving today's IE fix).
R. Bemrose
so it would be bad practice for a bank?
Seth Reno
It might be illegal for a bank. Check your local privacy and data security laws.
ceejayoz
I find a bank analogy works quite well actually: A bank is an extremely attractive target for robbers, but also extremely well protected. A sock under my mattress is a much less attractive target for robbers, but much easier to get to. In that analogy, Google is probably very close to Fort Knox or a really big downtown bank. Not entirely impossible to get broken into, but highly unlikely.
Pekka
+2  A: 

No, just keep in mind that a minority of users (very small minority) may have google blocked. If you're worried about hackers taking over Google's jQuery source, you shouldn't feel safe doing anything, anywhere online.

Jonathan Sampson
May happen if you are behind a content-filtering proxy. Not because google is bad, but because proxies filter out javascript...which is ... jQuery in this case :-)
naivists
"you shouldn't feel safe doing anything, anywhere online" I don't.
Seth Reno
@SethReno, and yet you insist on using your *real* name? :)
Jonathan Sampson
lol Seth was taken. Please don't hunt me down and kill me :)
Seth Reno
@Seth: You could have used `Seth2`, or `SethR`.
SLaks
+2  A: 

Personally I choose to self-host the jQuery library file for this reason amongst others. "If" the file was hacked, yes, I could see it as a security risk. Plus, if the file becomes unavailable for any reason to a user, all of your client-side functionality breaks. It's unlikely, but still a risk I don't like.

The little amount of time saved for the user by referencing the external script is not worth the tradeoff IMO. Beyond the first load of the script core, caching will be the same anyway no matter where it's stored...

KP
By that logic, wouldn't you not want to host it on your server either, since it could be hacked?
Tom
I was only mentioning the hacking because the OP asked about it. My main concern is availability. If jQuery was unavailable on my own server, it's likely the rest of the site is as well due to a tech issue. I'd rather this than the odd visitor who lands on my site, can't access Google's jQuery copy and all expected functionality fails. People are used to sites being down here and there. I'd rather this than a 'dysfunctional' site, IMHO anyway...
KP
If "all expected functionality fails" without JavaScript, your site is what's failing. You should be using progressive enhancement to give non-JS users the ability to access the site.
ceejayoz
@ceejayoz I realize the site has to gracefully degrade, however for the 95% of people who do have javascript enabled, I'd prefer the 'better' experience to work without reliance on external references.
KP
How come people are so keen on supporting the 1% (or probably much less) of users without javascript, but hate supporting the 10-20% who use IE6?
erikkallen
I agree with KevinP in that adding an external dependency is good to avoid, even if the external dependency is infinitely less likely to fail than your own site. It is still two possible sources of failure instead of one.
Pekka
erikkallen: heh, good point :) I guess one (subjective but understandable) reason is that turning JS off is unavoidable for many and could be looked at as some kind of a right, while using IE6 in 2010 seems just... dumb, and the sometimes huge extra effort of supporting it has a limited use only, until the browser finally dies. I know many users can't help it because they are in a corporate environment and whatnot, but it probably is one of the stronger reasons why there is not much motivation in the community to support IE6.
Pekka