I'm not sure whether seeing these directives in plain text poses any particular threat to our app hacking or not. But if nothing else one can clearly see our model structure and functionality. If Angular removed those after bootstrapping it would at least make it a bit harder to access...
Two questions
Would it be possible to remove all custom
ng-
attributes from markup after Angular app boostrapped? Would the app still work as expected?Would it be possible to dynamically add
ng-
attributes on DOM Ready using jQuery, and then remove them as per #1? If this required manual app bootstrapping so be it?
By having the possibility of the #2 somehow we could externalize app configuration and HTML markup would never show any declarative directives (just in the time between configuration-bootstraping-removal). But at least there would be none if user disabled Javascript.