Is IE8 going to break my CDN hosted jQuery?

Question

IE8 has a feature called InPrivate Filtering, which will block scripts it finds on webpages from more than 'n' different sites.

I'm listening to the most recent 'Security Now' podcast which is raving about this feature as being great.

At the very same time I'm screaming NOOO! What the *#&$ -- because my site (as does many many others) includes the following (jQuery + SWFObject). i.e. I'm using Google's CDN to host my jQuery.

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>   
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>

So whats the deal - should I stop usin jQuery and swfobject from a CDN ?

Whats everybody else doing?

**Edit: ** I couldn't find out if they keep a list of 'trusted sites' or not, but according to this from Microsoft the InPrivate filtering is per session. So at least someone has to actively enable it every session.

InPrivate Filtering is off by default and must be enabled on a per-session basis. To use this feature, select InPrivate Filtering from the Safety menu. To access and manage different filtering options for Internet Explorer 8, select InPrivate Filtering Settings from the Safety menu. To end your InPrivate Browsing session, simply close the browser window.

Answer 1

If your site has content that people would not want cached (bank site, porn, or something else "sensitive"), then I would not use an externally hosted file. Or if your site is just totally broken if the file does not load I would consider it. But if your site is anything else, I wouldn't worry about it. I don't think this is a feature most people will use if they want to hide their tracks. And if they really want to, let them deal with the consequences.

Answer 2

This may seem silly but since IE8 is out, why don't you test your site with InPrivate turned on and see how it behaves? Also if you can report back your findings here that would be great :)

Answer 3

It looks like there's a significant chance this will be disabled with InPrivate enabled, but it ultimately depends on each user's browsing habits.

If a user visits 10 sites in regular mode that all link to files from the same third-party domain, links to files on that domain will be blocked when InPrivate is enabled.

So while you won't be able to take advantage of the CDN, you should host files like this yourself if you need them to work reliably.

InPrivate Blocking keeps a record of third-party items like the one above as you browse. When you choose to browse with InPrivate, IE automatically blocks sites that have “seen” you across more than ten sites.

You can also manually choose items to block or allow, or obtain information about the third-party content directly from the site by clicking the “More information from this website” link. Note that Internet Explorer will only record data for InPrivate Blocking when you are in “regular” browsing mode, as no browsing history is retained while browsing InPrivate. An easy way to think of it is that your normal browsing determines which items to block when you browse InPrivate.

Disclaimer: I haven't actually tested any of this as I don't have IE8, but the document you linked to is pretty clear about this.

Answer 4

You should host the JS files on your own site.

Here's another reason to host the JS file on your site.

Answer 5

I've always wondered, would it be possible to have a safe fallback in the event the CDN is down/unavailable?

Something like:

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> 
<script type="text/javascript">
   if (typeof jQuery == 'undefined') {
       document.write(unescape("%3Cscript src='local/jquery.min.js' type='text/javascript'%3E%3C/script%3E"));
}
</script>