Impact on privacy can be minimized with the attributes <script crossorigin="anonymous" referrerpolicy="no-referrer">
See : https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script Security could be improved with subresource integry. See https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity Setting the default to online=True would be annoying if no connection is available. The default could be a fallback mechanism that first looks for the files locally, and then goes to rawgit.com on 404. Fallback on <script> tags is typically implemented by the decades old hack <script src="foo.js"></script> <script> if (!Foo) { document.write('<script src="https://cdn.com/foo.js";></script>'); } </script> This makes sense for nbviewer, but for binder this looks much cleaner: https://github.com/jupyter-widgets/pythreejs Luca -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
