Alright. Agreed, I seem to have missed that. However, it just adds another templating language to learn, which is where we seem to raise another barrier for theming things more easily.
XSS injections and other security issues *must* be addressed inside the source code (preferably through PHP). If the base code is crap, everything on top of it will only make things worse.

Stefan

On 17 Mar 2013, at 11:29, Bernhard Posselt <[email protected]> wrote:

> Templating. If you want to bind unsafe content you have to specifically allow
> it http://docs.angularjs.org/api/ng.directive:ngBindHtmlUnsafe
>
> On 03/16/2013 01:42 PM, Stefan Nagtegaal wrote:
>> And how does it prevent that?
>>
>>
>> Sent from my iPhone
>>
>> On 16 Mar 2013, at 13:22, Lukas Reschke <[email protected]> wrote:
>>
>>>
>>> On Sat, Mar 16, 2013 at 12:43 PM, Stefan Nagtegaal
>>> <[email protected]> wrote:
>>> In the manual is also written about AngularJS, which imo is bad to use for
>>> templating. It's not fast enough, and forces users to learn another way of
>>> writing code, instead of just CSS/HTML and a small bit of JS.
>>>
>>> Can't judge about the speed nor if this is bad for templating, however
>>> AngularJS is really cool when it comes to security features and testing.
>>>
>>> It prevents nearly all XSS vectors and fully supports
>>> Content-Security-Policy. (Which we've enabled with ownCloud 5.0)
>>>
>>> Sure - the "right" way would be just to write secure code, however humans
>>> are not perfect and even the most experienced developers sometimes do wrong
>>> things ;-)
>>>
>>> --
>>> ownCloud
>>> Your Cloud, Your Data, Your Way!
>>>
>>> GPG: 0xEB32B77BA406BE99
>>> _______________________________________________
>>> Owncloud mailing list
>>> [email protected]
>>> https://mail.kde.org/mailman/listinfo/owncloud
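
The point argued in the thread (a template layer that escapes every bound value unless the developer explicitly opts out) can be shown in a few lines. This is an added example, not part of the original messages and not AngularJS or ownCloud code; the names `escapeHtml`, `trustAsHtml`, `TrustedHtml` and `render` are hypothetical, and the input strings are constructed.

```javascript
// Escape-by-default templating with an explicit opt-in for raw HTML.
// Illustration only: these helpers are hypothetical, not AngularJS APIs.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Wrapper type marking markup the developer has deliberately trusted.
// A plain object decoded from user-supplied JSON can never be an instance
// of this class, so the opt-in cannot be forged through data alone.
class TrustedHtml {
  constructor(html) { this.html = String(html); }
}

function trustAsHtml(html) {
  return new TrustedHtml(html);
}

// Replaces {{name}} placeholders. Every value is escaped unless the caller
// wrapped it with trustAsHtml(); unknown keys render as an empty string.
function render(template, scope) {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (match, key) => {
    if (!Object.prototype.hasOwnProperty.call(scope, key)) return '';
    const value = scope[key];
    return value instanceof TrustedHtml ? value.html : escapeHtml(value);
  });
}

// Constructed sample input: a display name that contains markup.
const untrustedName = '<script>alert(1)</script>';

// Default path: the markup is neutralised without the theme author doing anything.
const safeOutput = render('<p>Hello {{ name }}</p>', { name: untrustedName });

// Opt-in path: raw HTML appears only where the code says so, which makes
// every such call site easy to find in review (search for trustAsHtml).
const rawOutput = render('<p>{{ bio }}</p>', { bio: trustAsHtml('<em>admin-authored</em>') });

console.log(safeOutput);
console.log(rawOutput);
```
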
