{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 孤傲高冷的网名 的问题《Is it “safe” to use schemeless protocol URIs on pu》','https://www.manongdao.com/q-1229621.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
In HTML when referencing images, css, javascript, etc... I sometimes use links without the http or https scheme portion, à la. <img src="//www.example.com/dir/file.gif" alt="" /> and I haven't had any browsers choke on it yet (that I know of). I've seen a few other public sites use it as well, but not many.
I even reference the Google jQuery CDN with this syntax on an e-commerce site:
<script src="//ajax.googleapis.com/ajax/.." type="text/javascript"></script>
Obviously, I only do this when I know the server has both http and https capabilities. (Usually my own sites)
So my question is what harm can this cause? What are the pitfalls or downsides?
It will not harm anyway. Actually, if you write src="http://ajax.googleapis.com/ajax/.. and your user will browse site over HTTPS then browser will warn user that parts of the site uses HTTP. It is better to use // notation for such cases.
A recent blog answered my question and sent me off to a couple places to learn more.
The answer is most definitely yes as long as you are aware of two things:
This may not apply in this specific case, however one of the pattern we're using for our mobile apps development is to download the HTML locally to the device and render it in a web control. scripts using schemeless URL will not work as mentioned above.