Is it possible to hide $aurelia
and $au
global properties that are attached to DOM elements? And make that data private and available only using API like CustomElement.for
?
We could if we wanted to, though why do you need this?
It will make harder to reverse engineer Aurelia applications and modify them with browser extensions. It will be good to have $aurelia
and $au
inaccessible in production.
Right thanks for that clarification. Can you help create a GH issue for this request?
Yes, I can. But I think I need a better framework understanding to complete “how it should work” step in creating the issue.
As I see, there was already an accepted pool request that was supposed to remove node.$au
and node.$controller
:
- Is a BREAKING CHANGE -
node.$au
andnode.$controller
no longer exist
But since then node.$au
was reintroduced or it was removed not from all places.
I do not fully understand why it is created. And haven’t see any documentation about it. Is this the only way to access controllers behind DOM elements in Aurelia v1 ?