

Quipt: Client side javascript caching - Chaserson
http://code.google.com/p/quipt/
qUIpt is a small library that is capable of caching Javascript files inside the users browser - even if SSL is active. qUIpt helps the site owner by reducing traffic costs and the user with faster page loading.
======
simonw
Jesse Rudermann pointed out a nasty security concern on my blog:
<http://simonwillison.net/2008/Jul/4/quipt/#comments>

Basically, if you have a single page anywhere on your domain that doesn't run
the script, a malicious site could load up window.name with something nasty
and then send the user to that page - if they then followed a link to a page
that did execute the script the malicious code would be executed as an XSS
attack.

------
jbyers
I don't understand the value of this library. For non-SSL static files, the
usual techniques apply: long-term expires headers, gzip compression, combining
multiple scripts, CDN, etc. For SSL content, IE7 and FF3 will use disk caching
for static files if cache-control is public (FF2 requires a configuration
change). Is there a use for this I'm missing?

