Loading ...
Sorry, an error occurred while loading the content.

Re: [caplet] Re: ADsafe validation

Expand Messages
  • Kris Zyp
    ... Also, because with the new cross-site XHR and XDR capabilities, web sites can directly request the scripts from other sites, which can potentially be
    Message 1 of 16 , Mar 21, 2008
    • 0 Attachment
      
      > (Preprocessing features in client-side Javascript? What's the point of that?
      > Just preprocess it on the server.)
      Also, because with the new cross-site XHR and XDR capabilities, web sites can directly request the scripts from other sites, which can potentially be significantly faster than sending them through your proxy (and incurring queuing against your own connection limit on the client). This could also reduces the burden on the server, always nice to offload to the infinitely scalable client (a new cpu for each user).
      IMO, performance is going to be a critical part of the acceptance of secured JavaScript. I would bet that a large percentage of potential users won't find the benefit of secure JavaScript compelling enough if there site takes twice as long to load. Of course this belief is one of the reasons for wanting to create a small fast 5K-ish library.
      Even without the new cross-site XHR and XDR capabilities, I think ADsafe client side validation could have a use, since we do have cross-site requesting mechanisms that are safe (like CrossSafe/Subspace). However, CrossSafe can't safely bring scripts into the container, only data. With ADsafe, CrossSafe could bring those scripts across using existing widespread browser technology.
      However, I do certainly agree that many users will prefer the server-side validation. Has anyone created a server-side ADsafe validator yet, or is that another project waiting to be undertaken?
      Kris
    Your message has been successfully submitted and would be delivered to recipients shortly.