Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a "Chrome CSP Compliant" criteria #13

Closed
RonnyO opened this issue Sep 29, 2012 · 1 comment
Closed

Add a "Chrome CSP Compliant" criteria #13

RonnyO opened this issue Sep 29, 2012 · 1 comment

Comments

@RonnyO
Copy link

RonnyO commented Sep 29, 2012

Great work on this tool, Garann.

Now that Chrome is aggressively pushing Manifest Version 2, lots of templating engines aren't usable in that context. They might be in later versions with explicit whitelisting or inside a sandbox, but these demand extra work.

So I suggest adding the "Chrome CSP Compliant" criteria, which basically means a library never uses eval, new Function() and the like. For example, underscore.js doesn't comply while Addy Osmani's fork of Mustache.js does.
@garann
Copy link
Owner

garann commented Jun 6, 2013

I think this is a good idea, but is fairly specific. I'd certainly accept a PR, but I think your link may offer the best solution:

Use a library that offers precompiled templates and you’re all set.

I'm going to consider that sufficient for now, but if you do feel like adding a new criteria and researching all the template engines, please feel free. :)

@garann garann closed this as completed Jun 6, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@RonnyO @garann