+1 for <meta property="uuf:data" content="ew0KIGNvbnRleHRQYXRoOiAiL3Bvcn RhbCINCn0=">.
AFAIK there's no hard limitation in meta tags unless search engines cut off at some point for the SEO. On Wed, May 31, 2017 at 5:18 PM, Dakshika Jayathilaka <[email protected]> wrote: > Hi All, > > IMHO if we are going forward with meta tag we need to think about HTML > validation as well. AFAIK according to the specification, we can't use > value or data attrib with meta tags[1]. +1 for using content attrib. > > [1] https://www.w3.org/TR/html5/document-metadata.html#the-meta-element > > *Dakshika Jayathilaka* > PMC Member & Committer of Apache Stratos > Associate Technical Lead > WSO2, Inc. > lean.enterprise.middleware > 0771100911 > > On Wed, May 31, 2017 at 4:05 PM, Jerad Rutnam <[email protected]> wrote: > >> Hi Sajith, >> >> As for the offline discussion we had. IMO I feel it's ok to use <meta> >> tag for it. But have some minor suggestions, please see the example below. >> >> <meta property="uuf:data" data-from-server="ew0KIGNvbnRl >> eHRQYXRoOiAiL3BvcnRhbCINCn0="> >> >> Cheers, >> >> On Wed, May 31, 2017 at 1:04 PM, SajithAR Ariyarathna <[email protected]> >> wrote: >> >>> Hi All, >>> >>> We are in the process of doing $subject. >>> >>> # What is sendToClient() function? >>> >>> Its a server-side JS function provided by UUF that can be used to send a >>> server-side value to the client-side. >>> >>> >>> function onGet(env) { >>> >>> sendToClient("contextPath", env.contextPath); >>> >>> } >>> >>> >>> Which will produce following inline-script >>> >>> <script type="text/javascript">var contextPath="/portal";</script> >>> >>> >>> However, we are hoping to set the Content-Security-Policy header to >>> disable inline-JS scripts as a security measure against XSS >>> vulnerabilities (as suggested by the security team). >>> >>> Content-Security-Policy: upgrade-insecure-requests, *default-src 'self'*, >>> frame-ancestors >>> 'none' >>> >>> So setting the Content-Security-Policy header to above will break the >>> sendToClient functionality. >>> >>> # Proposing solution >>> >>> Create a <meta> tag in the page header that contains all the values >>> sent from server-side. >>> >>> <meta name="uuf/from-server" content="ew0KIGNvbnRleHRQYXRoO >>> iAiL3BvcnRhbCINCn0="> >>> >>> >>> - Only one <meta> tag will be created. >>> - All the values sent from server-side will be composed into a JSON, >>> and that JSON string will be encoded to Base64. >>> - In order to access a value, webapp developer has to use the >>> UUFClient. >>> - e.g. UUFClient.fromServer("contextPath") which will return >>> "/portal" >>> - Please note that, this will be a breaking change for existing UUF >>> apps/component that utilizes sendToClient() function. >>> >>> WDYT? >>> >>> Thanks. >>> -- >>> Sajith Janaprasad Ariyarathna >>> Senior Software Engineer; WSO2, Inc.; http://wso2.com/ >>> <https://wso2.com/signature> >>> >> >> >> >> -- >> *Jerad Rutnam* >> *Senior Software Engineer* >> >> WSO2 Inc. >> lean | enterprise | middleware >> M : +94 77 959 1609 | E : [email protected] | W : www.wso2.com >> >> <https://wso2.com/signature> >> > > -- With Regards, *Rasika Perera* Senior Software Engineer LinkedIn: http://lk.linkedin.com/in/rasika90 <http://wso2.com/signature> WSO2 Inc. www.wso2.com lean.enterprise.middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
