跨域和jQuery的Google CDN [英] Cross domain and google CDN for jquery

问题描述

未将Google CDN用于jquery违反了在网页上不使用跨域请求的规则.我们是否足够信任Google来做到这一点?

解决方案

浏览器本身允许使用外国网站的脚本标签.因为假定您打算加载此功能.但是，加载的脚本无法直接与外部域进行通信(XHR同源，但使用CORS除外).现在，这就是为什么您不想允许未经检查的用户输入(可能会从外部站点加载脚本)的原因.外部脚本可能会执行您不想要的事情，但是如果它来自受信任的来源，那应该没事.

如果google被发现要通过其CDN进行注射，就会产生强烈的反冲，我怀疑这种情况是否会发生，并且如果确实如此，其纠正的速度将远远超过您甚至没有注意到该问题的时间./p>

Doesn't using Google CDN for jquery break the rule of not using cross domain requests on the webpage. Do we trust Google enough to do this?

解决方案

The use of script tags from a foreign website are allowed within the browser itself. Because it is presumed that you intend to load this functionality. The scripts loaded are not able to communicate directly with the foreign domain though (XHR same-origin, except with CORS). Now, this is precisely why you don't want to allow for un-checked user input that could load a script from a foreign site. It is possible for a foreign script to do things you don't want, but if it is from a trusted source, it should be fine.

If google was caught to be using an injection via their CDN, there would be severe backlash, and I doubt it would ever happen, and if it did, would be corrected far more quickly than you would even notice the issue.

这篇关于跨域和jQuery的Google CDN的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！