<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Templating. If you want to bind unsafe
content you have to specifically allow it
<a
href="http://docs.angularjs.org/api/ng.directive:ngBindHtmlUnsafe">http://docs.angularjs.org/api/ng.directive:ngBindHtmlUnsafe</a><br>
<br>
On 03/16/2013 01:42 PM, Stefan Nagtegaal wrote:<br>
</div>
<blockquote
cite="mid:7179237F-65DF-4D8A-AFF9-D907F5589E93@standoutdesign.nl"
type="cite">
<div>And how does it prevent that?</div>
<div><br>
</div>
<div><br>
Sent from my iPhone</div>
<div><br>
On 16 Mar 2013 at 13:22, Lukas Reschke <<a
moz-do-not-send="true" href="mailto:lukas@owncloud.org">lukas@owncloud.org</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div dir="ltr">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Mar 16, 2013 at 12:43 PM,
Stefan Nagtegaal <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:development@standoutdesign.nl"
target="_blank">development@standoutdesign.nl</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px
0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">In
the manual is also written about AngularJS, which imo
is bad to use for templating. It's not fast enough,
and forces users to learn another way of writing code,
instead of just CSS/HTML and a small bit of JS.</blockquote>
</div>
<br>
Can't judge about the speed nor if this is bad for
templating, however AngularJS is really cool when it comes
to security features and testing.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">
It prevents nearly all XSS vectors and fully supports
Content-Security-Policy. (Which we've enabled with
ownCloud 5.0)</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Sure - the "right" way would be
just to write secure code, however humans are not perfect
and even the most experienced developers sometimes do
wrong things ;-)</div>
<div>
<div><br>
</div>
-- <br>
<div dir="ltr">ownCloud<br>
Your Cloud, Your Data, Your Way!<br>
<div><br>
</div>
<div>
<div>GPG: 0xEB32B77BA406BE99</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>Owncloud mailing list</span><br>
<span><a moz-do-not-send="true" href="mailto:Owncloud@kde.org">Owncloud@kde.org</a></span><br>
<span><a moz-do-not-send="true"
href="https://mail.kde.org/mailman/listinfo/owncloud">https://mail.kde.org/mailman/listinfo/owncloud</a></span><br>
</div>
</blockquote>
<br>
</blockquote>
<br>
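<div>The behaviour described in the reply at the top of this thread, as an added example that is not part of the original e-mails and is not AngularJS code: a small JavaScript model in which ng-bind output is escaped and raw HTML reaches the page only through the explicit ng-bind-html-unsafe attribute. escapeHtml, render and unsafeBindings are hypothetical helpers, and the scope value is constructed sample input.</div>

```javascript
// Model of escape-by-default binding; NOT AngularJS source code.
// The attribute names mirror the AngularJS directives discussed in the thread;
// escapeHtml(), render() and unsafeBindings() are hypothetical helpers.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let a string break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Fill every empty element that carries one of the two binding attributes.
// ng-bind: value is escaped (the default path).
// ng-bind-html-unsafe: value is inserted as-is (the explicit opt-in).
function render(template, scope) {
  const binding =
    /<(\w+)([^>]*?)\s(ng-bind|ng-bind-html-unsafe)="(\w+)"([^>]*)><\/\1>/g;
  return template.replace(binding, (match, tag, pre, directive, key, post) => {
    const raw = scope[key] === undefined ? '' : String(scope[key]);
    const body = directive === 'ng-bind-html-unsafe' ? raw : escapeHtml(raw);
    return `<${tag}${pre}${post}>${body}</${tag}>`;
  });
}

// Review aid: list the scope keys that reach the page unescaped, so each
// opt-in can be checked against where its data comes from.
function unsafeBindings(template) {
  return Array.from(template.matchAll(/ng-bind-html-unsafe="(\w+)"/g), (m) => m[1]);
}

// Constructed sample: the same user-supplied value bound both ways.
const template =
  '<p ng-bind="comment"></p><div ng-bind-html-unsafe="comment"></div>';
const scope = { comment: '<img src=x onerror=alert(1)>' };

console.log(render(template, scope));    // first element escaped, second raw
console.log(unsafeBindings(template));   // bindings that need manual review
```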
</body>
</html>