Coding with Jesse

Google is Hosting Ajax Libraries

June 2nd, 2008

You may have heard that Google is hosting a number of Ajax APIs, including jQuery, prototype,, MooTools and dojo.

Ajaxian actually has a good write-up of the benefits of this hosting. Long story short: Google's servers do caching and gzip compression as good or better than most of us know how to do, plus their web hosting is collocated and fast. On top of that, if we all were to get our sites to use the copy of jQuery on Google, our users will be more likely to have it cached before they ever visit our site.

To get started with jQuery 1.2.6, for example, you could just use this script tag:

<script type="text/javascript" src=""></script>

For other libraries and library loading techniques, check out the documentation.

All of this is really great, and I plan on using it on production sites in the future.. but can you spot the security hole this creates? How hard would it be for some disgruntled employee of Google to slip a few lines of evil JavaScript onto thousands (millions?) of web pages? Thankfully, Google's reputation is on the line as well, and I surely trust them to protect that!


1 . Binny V A on June 2nd, 2008

Binny V A

There is another problem - Google gets the usage stats of your site. That makes it much easier for Google to track users across sites.

2 . Stefan on June 2nd, 2008


Binny V A, so what's the problem with Google getting usage statistics about our sites?
We all use Google Analytics anyway...

And I have the same argument on "how hard would it be for some disgruntled employee of Google to slip a few lines of evil JavaScript"... we already use JavaScripts hosted on their servers when we insert the code they give us at Google Analytics in our pages, don't we?
They might as well insert malefic js from there. But we trust them not to.

3 . Jesse Skinner on June 2nd, 2008

Jesse Skinner

@Stefan - excellent point, though it doesn't make it any less of a security hole. But we all seem to take that risk quite easily (this site included).

4 . Binny V A on June 2nd, 2008

Binny V A

True - I myself use Analytics. But in case of Analytics, the users know that their user stats are collected by google. But in this case, its not that apparent.

Basically it all depends on how much you trust google.

5 . Matt on June 5th, 2008


I don't think their caching or gzip compression is any better than what is available to Linux users. Where they have us is huge infrastructure.

But otherwise great if you can put up with Google knowing all. That is up to the end user which a high percentage doesn't care.

6 . Andreas on June 8th, 2008


Thanks for the Information, jquery is one of my fav js frameworks (behind prototype). but beware of spamblocker, sometimes google urls are blocked by default (in reasson of analytics).


7 . Baptista - Ttaxi on July 4th, 2008

Baptista - Ttaxi

Hi there,

I have a problem with a PHP booking form with used with mozilla

What recomendations can you give me, I think is something related with the css file????


8 . lewis litanzios on October 15th, 2008

lewis litanzios

you learn a new word every day: 'collocated' ;)

Comments are closed, but I'd still love to hear your thoughts.