I'd guess that the more annoying 3rd party scripts (looking at you, addthis) wou... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		MichaelGG on Oct 1, 2015 \| parent \| context \| favorite \| on: Do not let your CDN betray you: Use Subresource In... I'd guess that the more annoying 3rd party scripts (looking at you, addthis) would simply tell people not to use this attribute as it will "break compatibility and hinder our ability to deploy critical, potentially security impacting, fixes". In fact, if I were a 3rd party script provider, I'd want to make sure people don't do this to my scripts if I haven't "opted in" to keeping compat (i.e. never modifying the content at a URL). In addition to what you say, it'll also happen in reverse: Well-meaning webmasters will add this tag to improve security, then end up with a broken site. I'd be surprised if 3rd party providers don't start intentionally adding a random byte on each request (or every hour or something) to make sure that webdevs don't take a dependency on the contents of their files.

coldpie on Oct 1, 2015 [–]

What is "addthis" anyway? I always wondered if the domain was targeted at NoScript users. It's telling me to add it -- maybe I should whitelist it!

MichaelGG on Oct 1, 2015 | [–]

I think it's a vile "sharing" widget thingy. Nothing of value lost by blocking it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact