From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Davis Herring <herring@lanl.gov>
Newsgroups: gmane.emacs.devel
Subject: Re: Condition to link to javascript code?
Date: Tue, 20 Dec 2016 12:10:23 -0700
Organization: XCP-1
Message-ID: <3a6a7a07-abd2-f8d0-2123-8aceaedf4ee5@lanl.gov>
References: <87eg19uc8y.fsf@gnu.org> <E1cIHD4-0005EK-Hw@fencepost.gnu.org>
	<87pokpnn7b.fsf@bzg.fr>
	<CADtN0WJeEDL0S6MGUtv502B4byQhyQ1gsT3h1Y7pyjMoFBM1Ag@mail.gmail.com>
	<87lgvc8hrp.fsf@bzg.fr>
	<CADtN0WKmqOC3kBOJgt4hJF8mRNwRjcCdRjGk3YdAr6hp2mY61A@mail.gmail.com>
	<878trb517w.fsf@bzg.fr> <E1cJOwU-0000w4-77@fencepost.gnu.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: blaine.gmane.org 1482261040 23617 195.159.176.226 (20 Dec 2016 19:10:40 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Tue, 20 Dec 2016 19:10:40 +0000 (UTC)
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Thunderbird/45.5.1
Cc: lokedhs@gmail.com, emacs-devel@gnu.org
To: Richard Stallman <rms@gnu.org>, Bastien Guerry <bzg@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Dec 20 20:10:37 2016
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1cJPo4-0005QJ-IP
	for ged-emacs-devel@m.gmane.org; Tue, 20 Dec 2016 20:10:36 +0100
Original-Received: from localhost ([::1]:53049 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1cJPo8-0005Y5-Ns
	for ged-emacs-devel@m.gmane.org; Tue, 20 Dec 2016 14:10:40 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:56355)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <herring@lanl.gov>) id 1cJPnz-0005Xz-MG
	for emacs-devel@gnu.org; Tue, 20 Dec 2016 14:10:33 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <herring@lanl.gov>) id 1cJPnv-0005nY-Kx
	for emacs-devel@gnu.org; Tue, 20 Dec 2016 14:10:31 -0500
Original-Received: from proofpoint4.lanl.gov ([2001:400:4210:400::a4]:40056)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <herring@lanl.gov>) id 1cJPnv-0005mZ-C4
	for emacs-devel@gnu.org; Tue, 20 Dec 2016 14:10:27 -0500
Original-Received: from mailrelay1.lanl.gov (mailrelay1.lanl.gov [128.165.4.101])
	by mailgate4.lanl.gov (8.15.0.59/8.15.0.59) with ESMTP id
	uBKJAN30004593; Tue, 20 Dec 2016 12:10:23 -0700
Original-Received: from localhost (localhost.localdomain [127.0.0.1])
	by mailrelay1.lanl.gov (Postfix) with ESMTP id CD41614420F1;
	Tue, 20 Dec 2016 12:10:23 -0700 (MST)
X-NIE-2-Virus-Scanner: amavisd-new at mailrelay1.lanl.gov
Original-Received: from bismuth.lanl.gov (bismuth.lanl.gov [128.165.246.103])
	by mailrelay1.lanl.gov (Postfix) with ESMTP id B27C114420E6;
	Tue, 20 Dec 2016 12:10:23 -0700 (MST)
In-Reply-To: <E1cJOwU-0000w4-77@fencepost.gnu.org>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.15.154, 1.0.8,
	0.0.0000
	definitions=2016-12-20_14:2016-12-20, 2016-12-20,
	1970-01-01 signatures=0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic]
X-Received-From: 2001:400:4210:400::a4
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:210671
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/210671>

> If it's a choice between linking to klipse.js on the same server
> and linking to klipse.js on the Google server, I see no particular
> ethical reason to prefer one or the other.

Are you concerned about the XSS possibilities if the other host (Google 
in this case) decided to change the JavaScript served at the well-known 
address to take advantage of its inclusion in a webpage with a security 
context?

Certainly the use of "standard" JavaScript libraries loaded from foreign 
servers is commonplace, but I think the security concern is at least 
worth considering (unless I completely misunderstand it).

Davis

-- 
This product is sold by volume, not by mass.  If it appears too dense or 
too sparse, it is because mass-energy conversion has occurred during 
shipping.