Surely this can be dealt with by extending the CSP policy to allow script domains which are able to call System.define. Surely it is an equivalent permission to being able to load script from the domain anyway, when it is restricted to running in the outer scope only?
On 31 October 2013 16:10, Erik Arvidsson <erik.arvids...@gmail.com> wrote: > I see that Jason added a Loader.prototype.define to his reference > implementation. > https://people.mozilla.org/~jorendorff/js-loaders/Loader.html#section-177. > This is great. It is a much needed capability to allow bundling modules > into a single file. > > It allows you to do something like > > System.define(['url-a', urlB], ['export var a = "a";', moduleBodyForUrlB]); > > However, this is just another form of eval and will therefore not be > available in CSP. Can we come up with something that works in CSP > environments? How about? > > module 'url-a' { > export var a = "a"; > } > > =P > > -- > erik > > _______________________________________________ > es-discuss mailing list > es-discuss@mozilla.org > https://mail.mozilla.org/listinfo/es-discuss > >
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss