[Bug 11402] New: One problem of todays JavaScript libraries is, that the client has to download the same library over and over again, while visiting multiple sites. One could use services like Google Libraries API for a central location, but that introduces new points of

http://www.w3.org/Bugs/Public/show_bug.cgi?id=11402

           Summary: One problem of todays JavaScript libraries is, that
                    the client has to download the same library over and
                    over again, while visiting multiple sites. One could
                    use services like Google Libraries API for a central
                    location, but that introduces new points of
           Product: HTML WG
           Version: unspecified
          Platform: Other
               URL: http://www.whatwg.org/specs/web-apps/current-work/#top
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: HTML Canvas 2D Context (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: contributor@whatwg.org
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


Specification: http://dev.w3.org/html5/spec/Overview.html
Section: http://www.whatwg.org/specs/web-apps/current-work/complete.html#top

Comment:
One problem of todays JavaScript libraries is, that the client has to download
the same library over and over again, while visiting multiple sites. One could
use services like Google Libraries API for a central location, but that
introduces new points of failure. For example, Google might be blocked in
certain countries, or might be hacked.

To solve this, I propose a new attribute for the script tag. I would call it
"hash", but that may change. Its value should contain a hash algorithm name,
followed by the hash sum of the referenced JavaScript source. 

If the browser recognizes the attribute, supports the requested hash algorithm
and the sum matches the JavaScript source, it can cache the file in a special
way: If another site references the same hash algorithm and hash sum, it may
use the cached library, even if the src attribute doesn't match. If one of the
mentioned conditions is not met, the hash attribute should be ignored.

I think, the HTML5 specs shouldn't request certain hash algorithms, as they
may brake or better algorithms may be discovered, but it should recommend the
support of sha1 and sha256.

jQuery for example could be referenced like this:

<script src="jquery-1.4.4.min.js"
hash="sha1:b75990598ee8d3895448ed9d08726af63109f842"></script>

or:

<script src="jquery-1.4.4.min.js"
hash="sha256:517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c"
></script>

Posted from: 80.171.214.158

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 24 November 2010 22:15:33 UTC