[ajax] use a custom tag to handle dynamically loaded js
Using <pre class="script"> makes it trivial for a malicious user to
inject arbitrary javascript into a html or rest text element (because it
looks innocent to the html sanitizer). Using a custom tag we can be
sure that it actually comes from our code and not from untrusted user
data. IE ignores custom tags, though, so we put it in its own namespace.
https://extranet.logilab.fr/1530578
Javascript Coding Standards
---------------------------
(Draft, to be continued)
:Naming: camelCase, except for CONSTANTS
Indentation rules
~~~~~~~~~~~~~~~~~
- espace avant accolade ouvrante
- retour à la ligne après accolade ouvrante (éventuellement pas
de retour à la ligne s'il y a tout sur la même ligne, mais ce n'est
pas le cas ici.
- no tabs
Documentation
~~~~~~~~~~~~~
XXX explain comment format for documentation generation
Coding
~~~~~~
- Don't forget 'var' before variable definition, and semi-colon (';') after **each** statement.
- Check the firebug console for deprecation warnings
API usage
~~~~~~~~~
- unless intended, use jQuery('container') rather than jqNode('container')
See also
~~~~~~~~
http://google-styleguide.googlecode.com/svn/trunk/javascriptguide.xml