Bad Practice?

I thought I read that it was discouraged for some reason to use something like this

A CDN such as below

I’m not sure if that’s what you mean, but maybe you’re talking about cross-site scripting (XSS)?

This is ok if you know which script you’re including, as long as accessing that site is fast enough so it doesn’t slow up your page loading too much.

But it is considered suspicious and you might get into trouble with some web server or browser that detects it and isn’t happy about it.

Another thing is that even if it’s your script, and it’s safe, an attacker could try diverting that address (through DNS manipulation for example) and loading up a malicious script instead.

1 Like