- From: <sird@rckc.at>
- Date: Fri, 25 Feb 2011 10:07:28 -0800
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Daniel Veditz <dveditz@mozilla.com>, public-web-security@w3.org
And if people really want to put stuff inside <scripts> they can do. <script src="otherscript.js"> {"json":"here"} </script> otherscript.js: var scripts = document.getElementsByTagName("script"); var lastScript = scripts[scripts.length-1]; var configStr = lastScript.innerText || lastScript.textContent; var config = json.parse(configStr); Or Firefox can provide this: <script for="something">{"json":"here"}</script> Which can be accessed later on with: window.config.something.json Or something like that.. but don't make CSP less-safe please :) Greetz -- Eduardo On Fri, Feb 25, 2011 at 9:56 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: >> >> <mytag id="sql_stuff" value="<PHP-code-here>" /> >> >> then later in script (externally loaded, static) >> >> foo(document.getElementById("sql_stuff").getAttribute("value")) >> > > This is really slow compared to a direct call. > > -devdatta > > > >> -Dan Veditz >> > >
Received on Friday, 25 February 2011 18:08:23 UTC