From:  John Lenz <concavelenz@gmail.com>
Date:  12 Jun 2014 02:14:08 Hong Kong Time
Newsgroup:  news.mozilla.org/mozilla.dev.js-sourcemap
Subject:  

Re: Adding checksums to source maps

NNTP-Posting-Host:  63.245.216.66

Let's start a separate thread for pretending. The index map helps here.
On Jun 10, 2014 9:33 AM, "Brian Slesinsky"  wrote:

> It seems like we might have consensus that there should be a standard way
> of computing a checksum on a JavaScript file.
>
> We should probably have a standard "linecount" field (similar to
> x_google_linecount) that should be used to decide which JavaScript lines to
> include in the checksum. Then a tool can append arbitrary content to the
> end of the JavaScript file without changing the sourcemap or the checksum.
>
> This is off-topic, but it would be nice to give tools the chance to prepend
> a JavaScript header as well. Perhaps have a "// begin sourcemap URL"
> comment in the JavaScript that says where the mapped content begins. But
> there's no backwards-compatible way to do this like there is with the
> footer.
>
>
>
> On Tue, Jun 10, 2014 at 9:12 AM, Fitzgerald, Nick  >
> wrote:
>
> > On 6/9/14, 11:34 PM, Brian Slesinsky wrote:
> >
> >>   Re: Checksum in file
> >>
> >>> Having the checksum in the URL would help validate that a source map is
> >>> for that file but I think we’d still need something to verify that the
> >>> sources are for the source map.
> >>>
> >>>  To clarify, I was thinking of a checksum as an alternative to a URL,
> >> rather
> >> than part of it. The debugger could ignore a given URL and generate its
> >> own
> >> (perhaps to a private server) that includes the checksum, or perhaps the
> >> debugger wouldn't even use HTTP(S) to fetch the sourcemap. But if the
> >> debugger does use the given URL, it would probably make sense to pass
> the
> >> checksum as well, perhaps as a query parameter or HTTP header. (Since
> the
> >> debugger doesn't actually need to do any checksum calculation but just
> >> hands back what it was given, it's actually more of an opaque token in
> >> this
> >> scenario.)
> >>
> >
> > This use case seems mostly beneficial to internal tools (such as
> > deobfuscating client-side error stacks on the server), and I don't feel
> > that it really needs to be mentioned and formalized in the source map
> spec
> > the way the `//# sourceMappingURL` comment is.
> >
> > For the use case where you want to give the use an option to supply their
> > own source map but want to warn them if its the wrong one, having the
> > hashes in the source map itself is enough.
> >
> > _______________________________________________
> > dev-js-sourcemap mailing list
> > dev-js-sourcemap@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-js-sourcemap
> >
> _______________________________________________
> dev-js-sourcemap mailing list
> dev-js-sourcemap@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-js-sourcemap
>