Maingron / MainOS

MainOS is a web-based Operating System
https://maingron.itch.io/mainos

Don't write to *.innerHTML #21

Open Maingron opened 3 years ago

Maingron commented 3 years ago

Don't use *.innerHTML = or even *.innerHTML += "something". Instead spawn new HTML elements as described here: https://github.com/Maingron/MainOS/security/code-scanning/1997?query=ref%3Arefs%2Fheads%2Fmaster

This will improve scores, flexibility and accessibility. Might improve some other things too 🤷‍♂️

Assignments to the innerHTML/outerHTML properties or calls to the insertAdjacentHTML method manipulate the DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.

Maingron commented 3 years ago

Does anyone have time to replace all the innerHTMLs with appendChild() or something similar?
Currently there's a list of innerHTML writes (https://github.com/Maingron/MainOS/security/code-scanning?query=is%3Aopen+innerHTML), but I'd suggest using Ctrl+F.
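The pattern this issue asks to remove, beside the replacement the code-scanning alert recommends, as an added example. This is not MainOS code: the file-row rendering, the el() builder helper, the UNTRUSTED_NAME input and the makeFakeDocument() stand-in are all constructed for illustration. In a browser the functions run against the real DOM; outside a browser (for example node) they fall back to the stand-in, which does not parse HTML and simply records what an innerHTML assignment would hand to the parser.

```javascript
// Added example, not MainOS code: an innerHTML write beside its createElement()
// replacement. Works in a browser; without one it uses makeFakeDocument() below.

// Constructed untrusted input: a file name a user or another app could supply.
const UNTRUSTED_NAME = '<img src=x onerror="alert(document.cookie)">notes.txt';

// BEFORE (the innerHTML += write the issue wants gone). The concatenated string
// is handed to the HTML parser, so the <img onerror=...> inside `name` becomes
// a real element and its handler runs.
function renderFileRowUnsafe(container, name) {
  container.innerHTML += '<div class="file"><span class="name">' + name + '</span></div>';
}

// Hypothetical builder so call sites stay short. Strings become text nodes via
// createTextNode, never markup; attributes go through setAttribute.
function el(doc, tag, attrs = {}, children = []) {
  const node = doc.createElement(tag);
  for (const [k, v] of Object.entries(attrs)) node.setAttribute(k, String(v));
  for (const child of children) {
    node.appendChild(typeof child === 'string' ? doc.createTextNode(child) : child);
  }
  return node;
}

// AFTER: build nodes and appendChild them; untrusted text stays data.
function renderFileRowSafe(container, name) {
  const doc = container.ownerDocument;
  const row = el(doc, 'div', { class: 'file' }, [
    el(doc, 'span', { class: 'name' }, [name]),
  ]);
  container.appendChild(row);
  return row;
}

// Stand-in for `document` when there is no browser (assumed helper for running
// offline). It serializes text nodes with the same escaping a browser uses, and
// stores an innerHTML assignment as raw markup instead of parsing it.
function makeFakeDocument() {
  const esc = (s) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
  class FakeText {
    constructor(s) { this.data = s; }
    get textContent() { return this.data; }
    get outerHTML() { return esc(this.data); }
  }
  class FakeRaw { // unparsed markup, i.e. what the browser's parser would receive
    constructor(html) { this.html = html; }
    get textContent() { return ''; }
    get outerHTML() { return this.html; }
  }
  class FakeElement {
    constructor(doc, tag) {
      this.ownerDocument = doc; this.tagName = tag.toUpperCase();
      this.attrs = new Map(); this.childNodes = [];
    }
    setAttribute(k, v) { this.attrs.set(k, v); }
    appendChild(c) { this.childNodes.push(c); return c; }
    get textContent() { return this.childNodes.map((c) => c.textContent).join(''); }
    get innerHTML() { return this.childNodes.map((c) => c.outerHTML).join(''); }
    set innerHTML(html) { this.childNodes = [new FakeRaw(String(html))]; }
    get outerHTML() {
      const t = this.tagName.toLowerCase();
      const a = [...this.attrs].map(([k, v]) => ` ${k}="${esc(v).replace(/"/g, '&quot;')}"`).join('');
      return `<${t}${a}>${this.innerHTML}</${t}>`;
    }
  }
  const doc = {};
  doc.createElement = (tag) => new FakeElement(doc, tag);
  doc.createTextNode = (s) => new FakeText(String(s));
  return doc;
}

// Render the same untrusted name both ways and return what each container holds.
function demo() {
  const doc = typeof document !== 'undefined' ? document : makeFakeDocument();
  const before = doc.createElement('div');
  renderFileRowUnsafe(before, UNTRUSTED_NAME);
  const after = doc.createElement('div');
  renderFileRowSafe(after, UNTRUSTED_NAME);
  return { before: before.innerHTML, after: after.innerHTML, afterText: after.textContent };
}
```

Running demo() shows the difference the alert is about: the before container's markup contains a live <img ... onerror=...> element, while the after container's serialization has it as &lt;img ...&gt; text and its textContent is exactly the string that was passed in. Note that building nodes only fixes the text case; attribute values that carry URLs (href, src) still need their own scheme check before being set.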