I agree the data url sounds interesting but is not really practical for a
general purpose public site. I do think this might be interesting though
<t:script cachePolicy="never" require="jquery" t:id="hello">
alert("hello ${user}");
<\t:script>
That becomes something like:
<script src=".../page.hello:script:sha1ofcontent">
which returns:
define(["jquery"], function(jquery) {
alert("hello Barry");
}
This gives you simple dynamic javascript from a url that will work across a
cluster. It would be easy to set the cache policy and might be possible to
include in a stack if the script is static. The state would be managed just
like an event link because it's really just an event link that returns
Javascript instead of say a Zone.
On Thu, Feb 6, 2014 at 4:20 AM, Lance Java <lance.j...@googlemail.com>wrote:
> In theory, the data URL approach sounds perfect.
>
> But in reality we'd be swapping this:
> <script>alert('hello');</script>
>
> For this:
> <script src="data:text/javascript;charset=utf-8,alert('hello');" />
>
> As you mentioned, it's likely that at least on browser won't support this
> (I'm looking at you IE!). As I said, I'm not sure it actually achieves
> anything in terms of security (apart from ticking a box).
>
