Templating. If you want to bind unsafe content you have to specifically
allow it http://docs.angularjs.org/api/ng.directive:ngBindHtmlUnsafe
On 03/16/2013 01:42 PM, Stefan Nagtegaal wrote:
And how does it prevent that?
Verstuurd vanaf mijn iPhone
Op 16 mrt. 2013 om 13:22 heeft Lukas Reschke <[email protected]
<mailto:[email protected]>> het volgende geschreven:
On Sat, Mar 16, 2013 at 12:43 PM, Stefan Nagtegaal
<[email protected]
<mailto:[email protected]>> wrote:
In the manual is also written about AngularJS, which imo is bad
to use for templating. It's not fast enough, and forces users to
learn another way of writing code, instead of just CSS/HTML and a
small bit of JS.
Can't judge about the speed nor if this is bad for templating,
however AngularJS is really cool when it comes to security features
and testing.
It prevents nearly all XSS vectors and fully supports
Content-Security-Policy. (Which we've enabled with ownCloud 5.0)
Sure - the "right" way would be just to write secure code, however
humans are not perfect and even the most experienced developers
sometimes do wrong things ;-)
--
ownCloud
Your Cloud, Your Data, Your Way!
GPG: 0xEB32B77BA406BE99
_______________________________________________
Owncloud mailing list
[email protected] <mailto:[email protected]>
https://mail.kde.org/mailman/listinfo/owncloud
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
