Comments on: Keeping third party JavaScript from slowing down your site

By: Matt

Matt — Sun, 25 Jul 2010 12:17:43 +0000

There are many better ways of doing this. This method doesn’t support asynchronous loading of JavaScript as well as loading files with document.write in them

http://www.tutkiun.com/2010/07/load-javascript-after-pageload.html

By: Augustus Vais

Augustus Vais — Fri, 05 Mar 2010 01:40:54 +0000

Hello, I found this blog article while searching for help with JavaScript. I have recently switched browsers from Google Chrome to Firefox 3.2. After the change I seem to have a problem with loading JavaScript. Every time I browse page that needs Javascript, the page doesn’t load and I get a “runtime error javascript.JSException: Unknown name”. I can’t seem to find out how to fix the problem. Any aid is very appreciated! Thanks

By: cielo

cielo — Thu, 15 Oct 2009 18:42:00 +0000

Very instructive, but where in my template would I place your JavaScript code?

My poor blog is running soooo slow that I’m losing readers… HELP please!

cielo

By: jaisen

jaisen — Sun, 19 Jul 2009 05:20:20 +0000

@Dan, thanks for pointing that out. That must have got changed somehow during a save of the post. It’s fixed now.

By: Dan

Dan — Sat, 18 Jul 2009 22:43:13 +0000

Oops, comments can be exploited, too.

alert("See comments.");

By: Dan

Dan — Sat, 18 Jul 2009 22:37:49 +0000

Just a warning – your example has a script to “http://thirdparty.com/path/to/file.js” (the part isn’t escaped with <) and that destination is an ad site. They could make this page do malicious things.

By: Chris Blow

Chris Blow — Mon, 02 Jun 2008 06:51:05 +0000

@joey: the js is dynamically written from the server, so you need a “live” connection to the third party.

But WRT the security issue, you are right on to raise the issue: it was just a few months ago that perl.com was hacked because one of their ad partners (read: remote js) had their domain name expire! ….

When was the last time you checked your
“content partner’s” registration expiry? :)

By: Joey Mazzarelli

Joey Mazzarelli — Sun, 01 Jun 2008 22:52:22 +0000

Have you considered the security aspect of directly including 3rd-party scripts? You are effectively giving them the ability to steal cookies, alter the behavior of your site, read user data, etc.

It requires little effort to make a local copy of the script and use that one instead. And you don’t have to worry bad behavior (malicious or accidental) nor updates breaking your site.

Just a thought.

By: Peter Michaux

Peter Michaux — Sat, 31 May 2008 21:48:20 +0000

I don’t think using a central source for common JavaScript libraries is such a great idea. At least not in all cases. I don’t think I would use such a source.

http://peter.michaux.ca/article/7906

These startups you mention don’t want you to think about the possible costs. That would discourage adoption.

By: jaisen

jaisen — Sat, 31 May 2008 21:43:20 +0000

@Peter, the google hosted js libs are a great idea. Google’s infrastructure is as reliable and fast as you can expect from a third party.

My main concern is that startups while providing great services don’t have infrastructure that’s as reliable as one might expect. So if you *must* include their scripts it should become a standard practice to minimize your dependency on them.

I would like for these startups to address this issue instead of just giving you a script tag to paste into your site without thinking of the possible cost.