Thanks Jens for the response. Yes "processing of 'ensureDebugId()'" I meant, runtime overhead. And why do you think it won't require extra 'Javascript' download, as if you want to set debugIds you need to inherit Debug module.
I agree, the 2nd point(injection of script), is hypothetical. Regards Gourab. On Fri, Feb 26, 2016 at 8:48 PM, Jens <[email protected]> wrote: > > 1- The JavaScript download and processing of 'ensureDebugId()' is an >>> unwanted overhead >>> 2- when we set fixed dubug Id, someone can easily inject Unwanted >>> script, which can make use of this ID. (Not sure who the injection will >>> work though.) >>> >>> Is there any other reason why we disable Debug Ids in production ? >>> >> > No. Its mainly because of unneeded runtime overhead. Even your second > reason is IMHO a bit exotic, because when someone can inject script into > your app then you have a major security issue and these debug IDs are kind > of irrelevant then. > > -- J. > > -- > You received this message because you are subscribed to the Google Groups > "GWT Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/google-web-toolkit. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
