Change Details

Create a Stimulus controller that allows attaching custom code like so: ``` lang=html <div data-controller="signed-inline" signed-onclick="/* SIGNATURE=SHA-256:68b329da9893e34099c7d8ad5cb9c940 */ alert('hello')"> </div> ``` The signature is generated server-side with RSA/SHA-256. The stimulus controller should first validate the code, and if it's properly signed, attach the event handler (`onclick` in this example case) with the code wrapped in `eval`. Checking the signature requires knowledge of the public key used for signing. The key should be expected to be available as base64 in a global variable SIGNED_INLINE_PUBLIC_KEY

Create a Stimulus controller that allows attaching custom code like so: ``` lang=html <div data-controller="signed-inline" signed-onclick="/* SIGNATURE=SHA-256:68b329da9893e34099c7d8ad5cb9c940 */ alert('hello')"> </div> ``` The signature is generated server-side with RSA/SHA-256. The stimulus controller should first validate the code, and if it's properly signed, attach the event handler (`onclick` in this example case) with the code wrapped in `eval`. Checking the signature requires knowledge of the public key used for signing. The key should be expected to be available as base64 in a global variable SIGNED_INLINE_PUBLIC_KEY Also create a function to be used server-side that takes code to sign and the private key and properly creates a string with the signed code

Create a Stimulus controller that allows attaching custom code like so: ``` lang=html <div data-controller="signed-inline" signed-onclick="/* SIGNATURE=SHA-256:68b329da9893e34099c7d8ad5cb9c940 */ alert('hello')"> </div> ``` The signature is generated server-side with RSA/SHA-256. The stimulus controller should first validate the code, and if it's properly signed, attach the event handler (`onclick` in this example case) with the code wrapped in `eval`. Checking the signature requires knowledge of the public key used for signing. The key should be expected to be available as base64 in a global variable SIGNED_INLINE_PUBLIC_KEY Also create a function to be used server-side that takes code to sign and the private key and properly creates a string with the signed code