Menu
Welcome, Guest
Username: Password: Remember me

TOPIC: Bad Practice?

Bad Practice? 1 week 2 days ago #89264

  • johnwreford
  • johnwreford's Avatar
  • Offline
  • Junior Member
  • Posts: 23
  • Karma: 0
I thought I read that it was discouraged for some reason to use something like this

A CDN such as below

<script src="unpkg.com/sweetalert/dist/sweetalert.min.js"></script>
The administrator has disabled public write access.

Bad Practice? 1 week 1 day ago #89277

  • pgr
  • pgr's Avatar
  • Offline
  • Administrator
  • Posts: 10932
  • Thank you received: 1635
  • Karma: 371
I'm not sure if that's what you mean, but maybe you're talking about cross-site scripting (XSS)?

This is ok if you know which script you're including, as long as accessing that site is fast enough so it doesn't slow up your page loading too much.

But it is considered suspicious and you might get into trouble with some web server or browser that detects it and isn't happy about it.

Another thing is that even if it's your script, and it's safe, an attacker could try diverting that address (through DNS manipulation for example) and loading up a malicious script instead.

My SuiteCRM In-depth blog.
Thank you for always stating your SuiteCRM version, checking your logs, reading the Docs, and searching before you ask!
The administrator has disabled public write access.
The following user(s) said Thank You: johnwreford
Time to create page: 0.029 seconds
Powered by Kunena Forum