Securing your assets for the future
In Chapter 3, we added web assets to our component using the Joomla! Web Asset Manager and we noticed all the benefits it provides. But at some point, when you wish to make small and quick changes to your code, you might be tempted to include your styles or JavaScript directly in the HTML code of your layout files. Even more, you might feel a bit lazy and include them inside your extension folder instead of the media folder.
This might lead to exposing your extension folder to an attacker, and third-party firewall extensions installed in Joomla! might block access to these files.
Since the release of Joomla! 5, users can install their Joomla! files outside of the server’s public folder. Linking to the direct URL of the files might be impossible in those cases.
Nowadays, adding HTML attributes such as onclick="" or onchange="" is deprecated and you should avoid them. Instead, define your events in your JavaScript...
