Closed mossroy closed 2 years ago
.innerHTML usage usually raises warnings from code security scanners.
.innerHTML
It might indeed be a security issue if you let anybody provide the slideshow URLs.
It's possible to replace by .innerText everywhere in slideshow.js, except line 6, where it's actually (static) HTML that is inserted.
.innerText
I can make a PR for that.
And this last usage of .innerHTML might be replaced by javascript code, too (but I did not do it)
.innerHTMLusage usually raises warnings from code security scanners.It might indeed be a security issue if you let anybody provide the slideshow URLs.
It's possible to replace by
.innerTexteverywhere in slideshow.js, except line 6, where it's actually (static) HTML that is inserted.I can make a PR for that.
And this last usage of
.innerHTMLmight be replaced by javascript code, too (but I did not do it)