Ember.js based web applications CSP compatible?

Question

Ember.js based web applications CSP compatible?

Google Chromes Packaged Apps needs to comply with CSP . Assuming you compile Handlebars templates before deployment, does this apply to Ember.js?

For some reason, Google does not list Ember.js as the recommended MVC framework .

+4

javascript security google-chrome google-chrome-app ember.js

aaronk6 Sep 11 '13 at 18:26

source share

2 answers

ember applications created with ember-cli are compatible with CSP since version 0.0.47 . hope that Google will review its recommendations.

+2

Samy alzahrani Oct 21 '14 at 6:21

source share

Kinlan · Accepted Answer · 2013-09-11T21:44:57+0000

At the time of writing, Ember was not compatible with CSP due to the use of eval or new Function in the code, which was mainly around Handlebars procedure templates.

With the right build tools, Ember templates can be precompiled. The grunt-ember-templates npm package will handle this for you. This package is used by the ember-app-kit , which becomes the standard Ember build tool. If you like Rails, you can use ember-appkit-rails .

If for some reason you want to use non-compiled templates, you can use the sandbox attribute to isolate your page from the Chrome application APIs and allow the use of eval.

Ember.js based web applications CSP compatible?

More articles: