I'd like to echo this desire to remove such dynamic code from the library if possible. Chrome extensions are becoming more and more strict and they now require special permissions to execute either 'eval' or 'new Function' calls. Hopefully they keep this as a possibility, but there's no guarantee of that. Excising such code, if possible, from the framework is probably good both for security reasons and maybe even performance in some contexts.
--Greg On Mon, Dec 10, 2012 at 10:39 AM, fprijate <[email protected]> wrote: > Hi > > I just studied HTML5 CSP content security policy > <http://www.html5rocks.com/en/tutorials/security/content-security-policy/> > where inline code and eval is considered harmful. > It's allso "Bad part " by Douglas crockford > <http://javascript.crockford.com/> > So I just scaned a repo for eval. > There are some parts where eval is obviously needed (in playground ....). > But there are also some evals that can be safely replaced by direct code. > Like eval('some_expression') with some_expression. > > regards > FranĨek > > > > > > -- > View this message in context: > http://qooxdoo.678.n2.nabble.com/Use-of-eval-in-framework-tp7582238p7582249.html > Sent from the qooxdoo mailing list archive at Nabble.com. > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > qooxdoo-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ qooxdoo-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
