You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Now that Chrome is aggressively pushing Manifest Version 2, lots of templating engines aren't usable in that context. They might be in later versions with explicit whitelisting or inside a sandbox, but these demand extra work.
So I suggest adding the "Chrome CSP Compliant" criteria, which basically means a library never uses eval, new Function()and the like. For example, underscore.js doesn't comply while Addy Osmani's fork of Mustache.js does.
The text was updated successfully, but these errors were encountered:
I think this is a good idea, but is fairly specific. I'd certainly accept a PR, but I think your link may offer the best solution:
Use a library that offers precompiled templates and you’re all set.
I'm going to consider that sufficient for now, but if you do feel like adding a new criteria and researching all the template engines, please feel free. :)
Great work on this tool, Garann.
Now that Chrome is aggressively pushing Manifest Version 2, lots of templating engines aren't usable in that context. They might be in later versions with explicit whitelisting or inside a sandbox, but these demand extra work.
So I suggest adding the "Chrome CSP Compliant" criteria, which basically means a library never uses
eval
,new Function()
and the like. For example, underscore.js doesn't comply while Addy Osmani's fork of Mustache.js does.The text was updated successfully, but these errors were encountered: