But linking external scripts does have a problem in that you have to
trust the site you're linking not to change the script (or get
compromised) to add malicious features. A cryptographic hash of the
file you expect could be used to mitigate this issue, perhaps for
other types of file too. And such a feature could fall within
HTML5's purview.
For example:
<script type="text/javascript"
src="http://www.sharedscripts.com/jquery-1.2.3.js";
contenthash="sha1:aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d">
<link rel="stylesheet" type="text/css"
src="http://www.sharedscripts.com/nice-4.5.6.css";
contenthash="sha1:0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33">
This idea makes sense, but it would still need a fallback script if
the linked to version doesn't work, and you could use that to point to
the backup file on your own server (equivalent to the src="" attribute).
<script type="text/javascript"
src="http://www.sharedscripts.com/jquery-1.2.3.js";
contenthash="sha1:aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d"
fallback="js/jquery-1.2.3.min.js">
However, this wouldn't work in older browsers. Thats why I wanted the
"proactive" search to be something other then the src attribute, have
that used first, and fallback to the src attribute in case something
goes wrong. This would degrade gracefully.
- Joe
