Open LDSamson opened 3 hours ago
There are a few other options we've explored, with the top candidate being rewriting cards and sidebars as Custom Elements or Web Components. If we were implementing them again today, this would certainly be our first choice. Some work has been done in this direction in #1009, but unfortunately we haven't had the time to take this on. It's definitely on our radar and we appreciate you bringing it up!
For example, every `bslib::card()` will create some inline JavaScript, calling `bslib.Card.initializeAllCards()` (see below). Would it be possible to move this function call to an external JS file and call it with something like `<script src=''></script>` instead?

Removing as many inline scripts as possible would make it easier to set a strict Content Security Policy when serving a shiny application, and setting such a policy greatly improves security against XSS attacks. I am not sure if this is possible, but I thought it is worth a try to ask.
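To see what a strict policy would block in a rendered page, the following added example (not part of the issue and not bslib code) audits HTML for executable inline scripts and inline event handlers, and builds a `script-src` value that allows only same-origin files plus hashes of the inline scripts it found. The sample markup, the `data-bslib-card-init` attribute and the function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Constructed sample of rendered output; not the markup bslib actually emits.
SAMPLE_HTML = """<head><script src="lib/bslib/components.min.js"></script></head>
<body><div class="card" onclick="toggle(this)">
<script data-bslib-card-init>bslib.Card.initializeAllCards();</script>
<script type="application/json">{"x": 1}</script>
</div></body>"""

JS_TYPES = {"", "module", "text/javascript", "application/javascript"}


class InlineScriptAudit(HTMLParser):
    """Collect the markup that a CSP without 'unsafe-inline' refuses to run."""

    def __init__(self):
        super().__init__()
        self.inline_scripts = []  # exact text of executable <script> elements without src
        self.event_handlers = []  # (tag, attribute) pairs such as ("div", "onclick")
        self._buf = None

    def handle_starttag(self, tag, attrs):
        attrs = [(k, v or "") for k, v in attrs]
        self.event_handlers += [(tag, k) for k, _ in attrs if k.startswith("on")]
        d = dict(attrs)
        # Data blocks (e.g. application/json) never execute, so CSP ignores them.
        if tag == "script" and "src" not in d and d.get("type", "").strip().lower() in JS_TYPES:
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline_scripts.append("".join(self._buf))
            self._buf = None


def csp_hash(script_text):
    """CSP hash source: base64 SHA-256 of the exact script text, whitespace included."""
    digest = hashlib.sha256(script_text.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def audit(html):
    """Return (inline scripts, inline handlers, script-src that would still allow them)."""
    parser = InlineScriptAudit()
    parser.feed(html)
    parser.close()
    sources = ["'self'"] + sorted({csp_hash(s) for s in parser.inline_scripts})
    return parser.inline_scripts, parser.event_handlers, "script-src " + " ".join(sources)
```

Hash sources only cover `<script>` elements; inline event handler attributes reported by the audit are not allowed by them unless the policy also adds `'unsafe-hashes'`, so those need moving to external files.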