- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Fri, 25 Feb 2011 10:09:12 -0800
- To: "sird@rckc.at" <sird@rckc.at>
- Cc: Daniel Veditz <dveditz@mozilla.com>, public-web-security@w3.org
> > <script src="otherscript.js"> > {"json":"here"} > </script> > The network fetch that loading an external script could require is even slower. -devdatta > otherscript.js: > var scripts = document.getElementsByTagName("script"); > var lastScript = scripts[scripts.length-1]; > var configStr = lastScript.innerText || lastScript.textContent; > var config = json.parse(configStr); > > Or Firefox can provide this: > > <script for="something">{"json":"here"}</script> > > Which can be accessed later on with: > window.config.something.json > > Or something like that.. but don't make CSP less-safe please :) > > Greetz > -- Eduardo > > > > > On Fri, Feb 25, 2011 at 9:56 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: >>> >>> <mytag id="sql_stuff" value="<PHP-code-here>" /> >>> >>> then later in script (externally loaded, static) >>> >>> foo(document.getElementById("sql_stuff").getAttribute("value")) >>> >> >> This is really slow compared to a direct call. >> >> -devdatta >> >> >> >>> -Dan Veditz >>> >> >> >
Received on Friday, 25 February 2011 18:11:07 UTC