[Owncloud] improving OwnCloud javascript theming/templating
Bernhard Posselt
nukeawhale at gmail.com
Sun Mar 17 10:29:23 UTC 2013
Templating. If you want to bind unsafe content you have to specifically
allow it http://docs.angularjs.org/api/ng.directive:ngBindHtmlUnsafe
On 03/16/2013 01:42 PM, Stefan Nagtegaal wrote:
> And how does it prevent that?
>
>
> Verstuurd vanaf mijn iPhone
>
> Op 16 mrt. 2013 om 13:22 heeft Lukas Reschke <lukas at owncloud.org
> <mailto:lukas at owncloud.org>> het volgende geschreven:
>
>>
>> On Sat, Mar 16, 2013 at 12:43 PM, Stefan Nagtegaal
>> <development at standoutdesign.nl
>> <mailto:development at standoutdesign.nl>> wrote:
>>
>> In the manual is also written about AngularJS, which imo is bad
>> to use for templating. It's not fast enough, and forces users to
>> learn another way of writing code, instead of just CSS/HTML and a
>> small bit of JS.
>>
>>
>> Can't judge about the speed nor if this is bad for templating,
>> however AngularJS is really cool when it comes to security features
>> and testing.
>>
>> It prevents nearly all XSS vectors and fully supports
>> Content-Security-Policy. (Which we've enabled with ownCloud 5.0)
>>
>> Sure - the "right" way would be just to write secure code, however
>> humans are not perfect and even the most experienced developers
>> sometimes do wrong things ;-)
>>
>> --
>> ownCloud
>> Your Cloud, Your Data, Your Way!
>>
>> GPG: 0xEB32B77BA406BE99
>> _______________________________________________
>> Owncloud mailing list
>> Owncloud at kde.org <mailto:Owncloud at kde.org>
>> https://mail.kde.org/mailman/listinfo/owncloud
>
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130317/2d6fa195/attachment.html>
More information about the Owncloud
mailing list