ABSTRACT

Unminified JavaScript has been included in this file. Microsoft recommends that minified versions of JavaScript libraries should be included for performance reasons.

EXPLANATION

Minification improves page load times for applications that include JavaScript files by reducing the file size. Minification refers to the process of removing unnecessary whitespace, comments, semicolons, braces, shortening the names of local variables and removing unreachable code.

Example 1: The following ASPX code includes the unminified version of Microsoft's jQuery library:


...
<script src="http://applicationserver.application.com/lib/jquery/jquery-1.4.2.js" type="text/javascript"></script>
...

REFERENCES

[1] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A1 Injection

[2] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A1 Unvalidated Input

[3] Standards Mapping - OWASP Top 10 2007 - (OWASP 2007) A3 Malicious File Execution

[4] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3510 CAT I, APP3600 CAT II

[5] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 94

[6] Introduction to CSS Minification Microsoft

[7] Microsoft AJAX Minifier Microsoft

[8] Optimizations for Improving Load Times Microsoft

[9] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Risky Resource Management - CWE ID 094

[10] Standards Mapping - SANS Top 25 2010 - (SANS 2010) Risky Resource Management - CWE ID 098

[11] Standards Mapping - FIPS200 - (FISMA) SI