A webpage is a document written in a standard markup language, such as Hypertext Markup Language (HTML), that is typically downloaded to a network device over the World Wide Web from a webserver. Once downloaded, the webpage is then displayed to a user of the network device in an application known as a web browser (or simply a “browser”). A static webpage is generally downloaded and displayed in the browser exactly as stored on the webserver. In contrast, a client-side dynamic webpage generally includes scripts embedded in the markup language of the webpage that are executed by the browser as the webpage loads in the browser.
Scripts may be embedded directly in the markup language of the webpage or may be embedded indirectly in the markup language of the webpage by embedding a reference to a separate script that is stored outside the webpage. For example, embedding a reference to a separate script in a webpage, instead of embedding the script itself, may allow the webpage to be smaller in size, may allow the separate script to be cached by the browser for future use, may make the source code of the webpage more readable, and may allow for the separate script to be updated and improved over time in a single location without requiring updates to any particular webpage that embeds a reference to the script.
One difficulty with embedding a reference to a separate script in a webpage is the security risks inherent in separate scripts. For example, where a separate script is controlled by a third-party, there is always a possibility that the separate script may be hacked or otherwise compromised such that the separate script becomes malicious. For example, a malicious script may be configured to capture confidential information without authorization, such as usernames, passwords, account numbers, and social security numbers. Thus, embedding a reference to a separate script controlled by a third-party in a webpage may result in the webpage inadvertently executing a malicious script once the webpage is loaded in a browser. Therefore, the benefits of embedding a reference in a webpage to a separate script controlled by a third-party may be outweighed by the security risks inherent in the use of the separate script.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one example technology area where some embodiments described herein may be practiced.