[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

 ❦  3 septembre 2015 12:23 +1000, Dmitry Smirnov <onlyjob@debian.org> :

>> Amazon did a study that showed every ~100ms of page load
>> delay lost them 1% in sales.
> It could be that small percentage of Amazon users are impulsive trigger-happy 
> buyers. :)
> However that conclusion is probably wrong due to number of reasons:

Please, publish your own study. This number is well known and supported
by an entity which is likely to have a population large enough to be

>> So yes, minifiers matter.
> IMHO there is more harm than good. The only case for minification that I can 
> think of is to increase web server capacity a little to cope with flow of new 
> users following some sort of AD campaign. A poor substitute for capacity 
> planning or a case when network link is congested.
> Minification makes multiple assumptions such as that web app is perfect and 
> nobody would ever need to open JS console and report errors. Or that nobody 
> would like to learn about web site features from non-minified CSS and JS. Let 
> alone debugging some of us do not like proprietary javascripts running in our 
> browsers -- minification kills opportunity for security peer review etc.
> Finally, one may think that maintenance cost of minified JavaScripts in 
> Debian outweighs all the "benefits" by huge margin.

Without minification, we'll just ship packages that people won't
use. Why would I run a crippled installation of Wordpress that will
drive of part of my users to another competitor?

We don't turn C into an interpreted language because it would be easier
to inspect the resulting binaries.
Don't stop with your first draft.
            - The Elements of Programming Style (Kernighan & Plauger)

Attachment: signature.asc
Description: PGP signature

Reply to: