[Owncloud] improving OwnCloud javascript theming/templating

Stefan Nagtegaal development at standoutdesign.nl
Sun Mar 17 15:37:14 UTC 2013


Alright. Agreed, I seem to have missed that.
However, it just adds another templating language to learn, which is where we seem to raise another barrier for theming things more easily.

XSS injections and other security issues *must* be addressed inside the source code (preferably through PHP). If the base code is crap, everything on top of it will only make things worse.


Stefan

On 17 Mar 2013, at 11:29, Bernhard Posselt <nukeawhale at gmail.com> wrote:

> Templating. If you want to bind unsafe content you have to specifically allow it http://docs.angularjs.org/api/ng.directive:ngBindHtmlUnsafe
> 
> On 03/16/2013 01:42 PM, Stefan Nagtegaal wrote:
>> And how does it prevent that?
>> 
>> 
>> Sent from my iPhone
>> 
>> On 16 Mar 2013, at 13:22, Lukas Reschke <lukas at owncloud.org> wrote:
>> 
>>> 
>>> On Sat, Mar 16, 2013 at 12:43 PM, Stefan Nagtegaal <development at standoutdesign.nl> wrote:
>>> The manual also writes about AngularJS, which imo is bad to use for templating. It's not fast enough, and forces users to learn another way of writing code, instead of just CSS/HTML and a small bit of JS.
>>> 
>>> Can't judge about the speed nor if this is bad for templating, however AngularJS is really cool when it comes to security features and testing.
>>> 
>>> It prevents nearly all XSS vectors and fully supports Content-Security-Policy. (Which we've enabled with ownCloud 5.0)
>>> 
>>> Sure - the "right" way would be just to write secure code, however humans are not perfect and even the most experienced developers sometimes do wrong things ;-)
>>> 
>>> -- 
>>> ownCloud
>>> Your Cloud, Your Data, Your Way!
>>> 
>>> GPG: 0xEB32B77BA406BE99
>>> _______________________________________________
>>> Owncloud mailing list
>>> Owncloud at kde.org
>>> https://mail.kde.org/mailman/listinfo/owncloud

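The behaviour discussed in this thread (bound values are escaped by default, raw HTML needs an explicit opt-in) is sketched below as an added example; it is not code from the thread, from ownCloud or from AngularJS. `render`, `escapeHtml` and the `unsafe:` marker are hypothetical names, and the sample data is constructed.

```javascript
// Added illustration; render(), escapeHtml() and the "unsafe:" marker are
// hypothetical names, not AngularJS or ownCloud APIs.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// {{ key }} is HTML-escaped; {{ unsafe: key }} is inserted raw and recorded,
// so every raw binding in a theme template can be listed and reviewed.
function render(template, scope) {
  const unsafeKeys = [];
  const pattern = /\{\{\s*(unsafe:)?\s*(\w+)\s*\}\}/g;
  const html = template.replace(pattern, (match, unsafe, key) => {
    const known = Object.prototype.hasOwnProperty.call(scope, key);
    const value = known && scope[key] != null ? scope[key] : '';
    if (unsafe) {
      unsafeKeys.push(key);
      return String(value);
    }
    return escapeHtml(value);
  });
  return { html, unsafeKeys };
}

// Constructed sample data: a user-controlled file name and a trusted note.
const scope = {
  fileName: '"><script>alert(1)</script>.txt',
  ownerNote: '<b>shared</b> with you',
};
const themeTemplate =
  '<li title="{{ fileName }}">{{ fileName }} {{ unsafe: ownerNote }}</li>';

function demo() {
  return render(themeTemplate, scope);
}

console.log(demo());
```

The `unsafeKeys` list is the part a reviewer audits: anything not named there cannot have introduced markup into the output.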