CSP compilance #1
Description
Just ran into ripplejs. Good work! No other templating library handles expressions this well, which means it is easy to support ii18n, etc.
Something to start thinking about is CSP (Content-security policy)
Content-security policy disallows the use of eval and new Function on platforms such as Firefox OS, Chrome OS and Chrome Extensions manifest version 2.0.
AngularJS figured out a way around this (I am still trying to figure out how). Other templating languages are affected as well, but provide pre-compilation of templates, which turns the HTML template into a function during the build step. (see http://handlebarsjs.com/precompilation.html)
To see this in action, create a chrome extension with the following manifest.
{
"manifest_version": 2,
"name": "One-click Kittens",
"description": "This extension demonstrates a browser action with kittens.",
"version": "1.0",
"browser_action": {
"default_icon": "icon.png",
"default_popup": "index.html"
}
}
You will see the following errors in the console:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
More on content security policy:
https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://developer.chrome.com/extensions/contentSecurityPolicy
Let me know your thoughts.
A.