Add a "Chrome CSP Compliant" criteria #13

RonnyO opened this Issue Sep 29, 2012 · 1 comment


None yet
2 participants

RonnyO commented Sep 29, 2012

Great work on this tool, Garann.

Now that Chrome is aggressively pushing Manifest Version 2, lots of templating engines aren't usable in that context. They might be in later versions with explicit whitelisting or inside a sandbox, but these demand extra work.

So I suggest adding the "Chrome CSP Compliant" criteria, which basically means a library never uses eval, new Function() and the like. For example, underscore.js doesn't comply while Addy Osmani's fork of Mustache.js does.


garann commented Jun 6, 2013

I think this is a good idea, but is fairly specific. I'd certainly accept a PR, but I think your link may offer the best solution:

Use a library that offers precompiled templates and you’re all set.

I'm going to consider that sufficient for now, but if you do feel like adding a new criteria and researching all the template engines, please feel free. :)

garann closed this Jun 6, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment