[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

 ❦  3 septembre 2015 21:03 +1000, Dmitry Smirnov <onlyjob@debian.org> :

>> Without minification, we'll just ship packages that people won't
>> use. Why would I run a crippled installation of Wordpress that will
>> drive of part of my users to another competitor?
> Sorry but that feels like exaggeration. Maybe it is just my perception but  
> but it looks like you are trying to justify a bad practice (minification) 
> with remotely related arguments of little weight...

I don't see in which world minification is considered a bad
practice. This is a good practice. All JS are minified to half their
sizes (compared to just gzip) and speed up their evaluation.

> Why not use some pluggable minification plug-ins for Wordpress to control 
> minification on run-time (not on build time) and being able to opt it
> out?

Because nobody want non-minified JS files, like nobody want non-optimized
executables (even if they are easier to debug). You are of course
welcome to implement that into Wordpress if you think this is important.

The security concern at the beginning of this thread also applies fully
to C (https://www.alchemistowl.org/pocorgtfo/pocorgtfo08.pdf, 8:3).
There's small choice in rotten apples.
		-- William Shakespeare, "The Taming of the Shrew"

Attachment: signature.asc
Description: PGP signature

Reply to: