> 1- The JavaScript download and processing of 'ensureDebugId()' is an >> unwanted overhead >> 2- when we set fixed dubug Id, someone can easily inject Unwanted script, >> which can make use of this ID. (Not sure who the injection will work >> though.) >> >> Is there any other reason why we disable Debug Ids in production ? >> > No. Its mainly because of unneeded runtime overhead. Even your second reason is IMHO a bit exotic, because when someone can inject script into your app then you have a major security issue and these debug IDs are kind of irrelevant then.
-- J. -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
