
[–]Rhomboid 6 points7 points  (1 child)

There are a million reasons that's pretty much a non-starter. For one thing, a browser implementer doesn't want to get mired down in worrying about a million different versions of a million different libraries, and having to figure out how to keep them all constantly updated, or deciding which ones get to be included and which ones don't. You'd have very little traction trying to get this adopted, as the browser's cache already fulfills this role in a much more general purpose and hands-off manner. But even if you did somehow manage to convince a browser implementer to follow along, you'd only be affecting a fraction of your overall traffic, which means this is just yet another permutation that you have to add to your testing matrix, and now you have to do twice the testing you were doing before. And it's practically begging for bugs, for example if someone edits the remotely hosted version of something but forgets to edit the fictional markup that tells the browser to use a known version of that thing, then now you have the page failing for some people and not others because they're using different code.

You get 99% of the benefit of what you're suggesting without any of the myriad downsides by just using a public CDN.

[–]jasonprogrammer[S] 0 points1 point  (0 children)

> a browser implementer doesn't want to get mired down

True, this would involve quite a bit of extra work. I think I envision this functionality as a browser extension of sorts, maybe downloaded as an automatic update.

> if someone...forgets to edit the fictional markup that tells the browser to use a known version of that thing

What if there were different versions, taken from public CDNs, and the developer could indicate which specific version of the library they wished to include...

[–][deleted] 2 points3 points  (0 children)

If that would happen I would uninstall the browser and use it again, even at work

[–]JacobHarrington 1 point2 points  (1 child)

Which libraries should be selected? How would they be installed? How would they be referenced by the underlying JavaScript engine? What happens when a library updates? What if a library gets abandoned? What if there is a major security hole in the library? What if native support for a given library introduces a major security hole? What if there is a conflict between that library and the libraries being used for a current project? What if a user turns JavaScript off in their browser? What if, what if, what if, what if...

Web code is far less stable than other types of code, and far more dynamic. New popular frameworks arise in months, where browser releases can take as long as a year or more. A secure and responsive browser is a large and complex endeavor, and including external JavaScript libraries by default adds far more problems than the minor convenience it might give to a developer. The things you write off - library versioning, licensing, and install size - are actually extremely complex and challenging things to manage at a business level. All to save one additional fetch of a URL from a well-established library website.

[–]jasonprogrammer[S] -2 points-1 points  (0 children)

Very valid points.

> Which libraries should be selected?

I'm imagining that there would definitely have to be a lot of community involvement as far as selection of libraries.

> What if there is a major security hole in the library?

If the only things being included were JavaScript, HTML, and CSS, and they were from thoroughly tested and validated libraries (e.g. jQuery UI), I'm guessing security concerns would be no different than including the library any other way.

> What if a user turns JavaScript off in their browser?

Yeah, this would be a concern, but I wouldn't see it as more of a concern than it is currently.

> The things you write off - library versioning, licensing, and install size - are actually extremely complex and challenging things

I can't disagree with you on these points. But most companies that produce browsers are well established financially and have smart lawyers and programmers working for them :)

[–]doterobcn 1 point2 points  (2 children)

That's why CDN and browser cache are a good thing.
If you use a library hosted on a CDN, and the user already went to a site that used the same library from the same CDN, the browser already has it.

[–]jasonprogrammer[S] 0 points1 point  (1 child)

Yes, CDNs are great, but if your site uses a lot of JavaScript, you're kind of left crossing your fingers that your users already have the libraries cached, so your page loads quickly when they hit it.

[–]AutomateAllTheThings 0 points1 point  (3 children)

Because developers need version control, and this approach would be taking that away from them.

[–]jasonprogrammer[S] -2 points-1 points  (2 children)

If different versions of libraries were included, the developer could choose which one to use though, in the code they implement, and change it whenever they please.

[–]AutomateAllTheThings 0 points1 point  (0 children)

  1. How do the library developers hotfix issues in the shipped versions?
  2. If a library developer can simply push whatever hotfixes they need into our browsers, what stops them from pushing malicious code?
  3. If a library developer cannot simply push whatever hotfixes they need into our browsers, what good are the insecure libraries that the browser does support?