GF's policy on loading remote scripts makes sense. Openly loading scripts from untrusted sites would allow authors to change scripts without anyone having the ability to audit the changes. The 2MB maximum size policy is reasonable too, since people stuffing 50MB of data in every version of a script could explode the storage and bandwidth requirements of the site.
But my script is 1.4 MB and slowly growing. It's a complex script that completely replaces the UI for a site. It's not 2MB, but it's gradually edging upwards, and I'm going to be at a dead-end if I reach that point. Moving the graphics and stylesheets out wouldn't do much (maybe 100k); it's almost all code.
It would be great if remote scripts were permitted, as long as subresource integrity is used to prevent them from being modified. You're probably already familiar with this, but for reference:
https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
using GitHub issues.
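An added illustration of the integrity check requested above (not part of the original post and not Greasy Fork's code): computing an SRI value for a script body and verifying fetched bytes against it in Node.js. The function names and sample script bodies are constructed for this example, and rejecting a script when no usable hash is present is this example's assumption, not browser behaviour.

```javascript
const crypto = require("node:crypto");

// Hash algorithms SRI defines, ordered weakest to strongest.
const ALGOS = ["sha256", "sha384", "sha512"];

// Constructed sample inputs: a script body as published and a modified copy.
const SAMPLE = Buffer.from("console.log('ui module v1');\n");
const TAMPERED = Buffer.from("console.log('ui module v1'); sendData();\n");

// Build an integrity value of the form "<algo>-<base64 digest>".
function computeIntegrity(body, algo = "sha384") {
  if (!ALGOS.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${crypto.createHash(algo).update(body).digest("base64")}`;
}

// Integrity metadata is a whitespace-separated list of "<algo>-<digest>[?options]".
// Tokens with an unknown algorithm or bad syntax are skipped.
function parseIntegrity(metadata) {
  const entries = [];
  for (const token of metadata.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)(\?.*)?$/.exec(token);
    if (m) entries.push({ algo: m[1], digest: m[2] });
  }
  return entries;
}

// True only if the body matches a digest for the strongest algorithm listed.
// Weaker digests in the same value are not consulted, so a correct sha256
// cannot rescue a body whose sha512 does not match.
function verifyIntegrity(body, metadata) {
  const entries = parseIntegrity(metadata);
  if (entries.length === 0) return false; // assumption: fail closed without a usable hash
  const rank = entries.reduce((r, e) => Math.max(r, ALGOS.indexOf(e.algo)), -1);
  const algo = ALGOS[rank];
  const actual = crypto.createHash(algo).update(body).digest();
  return entries
    .filter((e) => e.algo === algo)
    .some((e) => {
      const expected = Buffer.from(e.digest, "base64");
      return expected.length === actual.length &&
        crypto.timingSafeEqual(expected, actual);
    });
}
```

Because the hash is pinned in the audited script, any change to the remote file requires publishing a new hash, which is itself a reviewable change.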