14 Sep
2007
14 Sep
'07
4:10 p.m.
Quoting Jeff Eaton <jeff@viapositiva.net>:
This is very true. The concern that sparked this discussion revolved around *automatically downloading* javascript files from a *remote server* and automatically including them in Drupal's output to end- users. Compromising remote servers in that scenario (as happened with Wordpress) could easily result in jillions of Drupal sites auto- downloading a compromised version of a js file and 'reflecting' it out to all of their users.
It wasn't me and I missed the suggestion. This is different than allowing the administrator to upload a file to the files/jquery directory. Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/