Adding a sandboxed JsRender template
In this task we can add the template that JsRender will use to display the saved contacts. At this point we don't have any saved, but we can still wire it up ready, and then when we do have some contacts, they'll be rendered into the popup without any fuss.
Prepare for Lift Off
Chrome uses a Content Security Policy (CSP) in order to prevent a large number of common cross-site scripting (XSS) attacks, and because of this we are not allowed to execute any scripts that use either eval() or new Function().
The JsRender templating library, like many other popular libraries and frameworks, uses new Function() when compiling templates and therefore is not allowed to run directly inside the extension. There are two ways we can overcome this problem:
We could switch to a templating library that offers a pre-compilation of templates, such as the popular
Dust.js. We could then compile our template outside of the extension in a browser and link to a JavaScript file containing...
