On Wed, Nov 23, 2011 at 8:09 AM, Deryck Hodge
<email address hidden> wrote:
> The server would set whatever the js code passed in, though. And yeah, maybe it's not worth worrying about. It just feels wrong to me.
It doesn't need to do that - you can validate the information really
easily. Or you can say that things like 'client.*' are opaque to the
server (but this defeats the whole reason here, so you will want it
validated).
On Wed, Nov 23, 2011 at 8:09 AM, Deryck Hodge
<email address hidden> wrote:
> The server would set whatever the js code passed in, though. And yeah, maybe it's not worth worrying about. It just feels wrong to me.
It doesn't need to do that - you can validate the information really
easily. Or you can say that things like 'client.*' are opaque to the
server (but this defeats the whole reason here, so you will want it
validated).