[0.9] on-click="kickAction()"

[gertcuykens]

Why did you remove () ?
Why not on-click="kickAction()" ?
We have been using () sins 1990 :P

<template>

  <button on-click="kickAction()">Kick Me</button>

</template>

<script>

  Polymer({

    is: 'x-custom',

    kickAction: function() {
      alert('Ow!');
    }

  });

</script>

<!DOCTYPE html>
<html>
<body>

<button onclick="myFunction()">Click me</button>

<p id="demo"></p>

<p>A function is triggered when the button is clicked. The function outputs some text in a p element with id="demo".</p>

<script>
function myFunction() {
    document.getElementById("demo").innerHTML = "Hello World";
}
</script>

</body>
</html>

[zoechi]

I think this only makes sense when passing arguments is supported.
IMHO if arguments aren't supported in the expression, then the braces shouldn't be used.
kickAction means that we pass the function kickAction to Polymer to be called by Polymer as appropriate (with arguments if applicable), kickAction() indicates to me the expression kickAction() should be evaluated.

[sjmiles]

The code inside of onclick attribute is evaluated directly as JavaScript. This is a major security vulnerability in HTML and it's use is strongly discouraged in all circles.

Polymer doesn't evaluate code from HTML, it instead uses the attribute to map a method name to an event.

[gertcuykens]

Ok fair enough I agree