Thanks Jens for the response.
Yes "processing of 'ensureDebugId()'" I meant, runtime overhead.
And why do you think it won't require extra 'Javascript' download, as if you want to set debugIds you need to inherit Debug module.
I agree, the 2nd point(injection of script), is hypothetical.
Regards
Gourab.
On Fri, Feb 26, 2016 at 8:48 PM, Jens <jens.nehlmeier@gmail.com> wrote:
--1- The JavaScript download and processing of 'ensureDebugId()' is an unwanted overhead2- when we set fixed dubug Id, someone can easily inject Unwanted script, which can make use of this ID. (Not sure who the injection will work though.)Is there any other reason why we disable Debug Ids in production ?No. Its mainly because of unneeded runtime overhead. Even your second reason is IMHO a bit exotic, because when someone can inject script into your app then you have a major security issue and these debug IDs are kind of irrelevant then.-- J.
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment