Phpster wrote:
Sorry for top posting, but here goes...

Stopping third party js from running on the client will never happen. If so, you just killed your server's throughput in attempting to handle things like Google Maps, Google Analytics and other fun things coming out of companies like that (Google, Zoho etc). Your server will never handle a large load like that for any number of users.

I didn't say third party scripts should not be used.
I did say that you will need to specify a particular part of the page the third party script is allowed to modify - both in your document (by setting an ID attribute) and in the script node that calls the third party script (by setting an attribute telling the browser what part of the DOM the script may modify).


Using third party items (js, images, flash and other embedded items) is what makes the Internet so efficient. The nature of distributed systems allows the whole system to succeed.

It also is what makes the internet dangerous when it is not done in a secure way.


What you are describing is nothing more than poor coding and a lack of data validation, which unfortunately is endemic to many sites with lots of people being able to build stuff with GUI tools like Dreamweaver. That's why it pays to hire a pro, not the teenager down the street.

Since the internet is (and should remain) a place where anyone can publish, that kind of thing will remain - and as such, browsers out of necessity will be far more restrictive with what scripting can do and users will be a lot more paranoid about what they let scripts do.

There's a reason why NoScript is one of the most popular Mozilla add-ons. As a NoScript user, I can tell you right now - you rely on client side DHTML for your content, I just left your site and went somewhere else, because it didn't work for me.

I *may* decide to allow scripts to execute from your domain, but if anything more is needed than that, I'll just read your page from Google's cache.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
