Conditional acceptance of script host bsd on page host?
Posted: Sun Jan 24, 2010 7:42 pm
I've noticed an increasing number of people load scripts from "common" rather than unique domains.
Ie.
I may visit one site that hosts static script components on Amazon, but another could be nefarious for all I know.
Some sites may break if I don't enable their third party scripts (where someone's injected their javascript stats system into link navigation and I don't want to have go diving into code to consider surrogates or whitelist use of that system every time).
Is a two tier system available? Perhaps required? Does one perhaps need to be able to descend to the right of the hostname in a URL now?
Ie.
- Google Metrics
- Amazon AWS (S3/EC2 etc.)
- jquery.org
I may visit one site that hosts static script components on Amazon, but another could be nefarious for all I know.
Some sites may break if I don't enable their third party scripts (where someone's injected their javascript stats system into link navigation and I don't want to have go diving into code to consider surrogates or whitelist use of that system every time).
Is a two tier system available? Perhaps required? Does one perhaps need to be able to descend to the right of the hostname in a URL now?