WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 5 years ago

Last modified 4 years ago

#32793 closed enhancement (wontfix)

Combine jQuery and jQuery migrate to reduce HTTP requests

Reported by: peterwilsoncc Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.6
Component: External Libraries Keywords: needs-refresh
Focuses: javascript, performance Cc:

Description

Combining the jQuery and jQuery migrate scripts will improve performance by reducing HTTP requests. As jQuery scripts are loaded in the header, this will reduce the period of render blocking.

In the attached patch

  • the files load separately when SCRIPT_DEBUG is enabled
  • jquery-core and jquery-migrate effectively become aliases of jquery
  • aliases are queued to footer to allow theme/plugin devs to move jQuery to footer if they wish

Cons/risks

  • plugins/themes replacing jquery with a CDN version could remove migrate
  • drama and pushback from devs who keep their code free of deprecated jQuery functions

Attachments (2)

32793.1.diff (2.8 KB) - added by peterwilsoncc 6 years ago.
32793.2.diff (2.8 KB) - added by peterwilsoncc 6 years ago.

Download all attachments as: .zip

Change History (13)

#1 follow-up: @Otto42
6 years ago

It has been pointed out that jQuery-migrate can introduce vulnerabilities fixed in past versions of jQuery.

http://wphighed.org/2014/10/potential-cross-site-scripting-vulnerability-in-jquery-scripts/

Should we instead look at a way to reduce the need for jQuery-migrate and get everybody to use the most recent versions, without old dependencies?

#2 in reply to: ↑ 1 @peterwilsoncc
6 years ago

  • Keywords has-patch added

Replying to Otto42:

Should we instead look at a way to reduce the need for jQuery-migrate and get everybody to use the most recent versions, without old dependencies?

#22975 and #25371 (and I'm sure others) dealt with removing deprecated functions from core. Including a test for deprecated functions in grunt would be a useful addition to the core build process.

It would be nice to encourage plugin and theme developers to use jquery-core but it does run the risk of abandoned plugins blowing up sites' JavaScript. But yes, it would be useful.

#3 @netweb
6 years ago

Related: #32358

#4 @peterwilsoncc
6 years ago

  • Keywords needs-refresh added

Refresh reqd following #32794 [32978]

#5 @peterwilsoncc
6 years ago

  • Keywords needs-refresh removed

32793.2.diff contains the refresh for jQuery 1.11.3

#6 @peterwilsoncc
6 years ago

  • Keywords needs-refresh added; has-patch removed

This ticket was mentioned in Slack in #core by peterwilsoncc. View the logs.


5 years ago

#8 @peterwilsoncc
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

No traction.

#9 @jhabdas
4 years ago

See Feb 2017 update at beginning of post: https://digwp.com/2009/06/including-jquery-in-wordpress-the-right-way/.

Post originally authored by Chris Coyier. Not sure who made the edit.

Here's what's being suggested as "the right way" of including jQuery:

// include custom jQuery
function shapeSpace_include_custom_jquery() {

        wp_deregister_script('jquery');
        wp_enqueue_script('jquery', 'https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js', array(), null, true);

}
add_action('wp_enqueue_scripts', 'shapeSpace_include_custom_jquery');

Because jquery handle object has dependencies on jquery-migrate and jquery-core this approach listed on the post of a well-respected author has the following potential impacts:

  • Removes migrate entirely by rewriting the jquery handle object
  • Removes core jQuery by rewriting the jquery handle object
  • Adds jQuery without ver, which could impact cache busting objectives
  • Proposes loading jQuery from CDN, which introduces a SPOF for adopting sites
  • Introduces potential security risks as Subresource integrity is not used

Just thought I'd make a note of it.

Last edited 4 years ago by jhabdas (previous) (diff)

#10 @Otto42
4 years ago

Here's what's being suggested as "the right way" of including jQuery:

That is incorrect, and not at all the right way to include jQuery. If you want to include jQuery from a CDN, then we have plugins that do that the correct way. Rolling-your-own bad-code is never a good idea.

#11 @jhabdas
4 years ago

Precisely why I brought it up. Please consider remediation on your end if it makes sense (reach out to Chris?). I image the approach will spread like wildfire given the post author. Hope the nugget of 411 helps in some way. Cheers.

Last edited 4 years ago by jhabdas (previous) (diff)
Note: See TracTickets for help on using tickets.