Closed mossroy closed 2 years ago
.innerHTML usage usually raises warnings from code security scanners.
It might indeed be a security issue if you let anybody provide the slideshow URLs.
It's possible to replace it with .innerText everywhere in slideshow.js, except line 6, where it's actually (static) HTML that is inserted.
I can make a PR for that.
And this last usage of .innerHTML might be replaced by JavaScript code, too (but I did not do it).
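One way the remaining static markup could be built with DOM calls instead of .innerHTML, as an added example that is not code from slideshow.js or from this issue. The helper names `el` and `buildSlideFrame`, the class names and the slide structure are assumptions, since the markup on line 6 is not shown here.

```javascript
// Added example: hypothetical helpers, not code from slideshow.js.
// `doc` is the page's `document`, passed in so the code can be tested with a stub.

// Build one element without any HTML parsing.
function el(doc, tag, attrs = {}, ...children) {
  const node = doc.createElement(tag);
  for (const [name, value] of Object.entries(attrs)) {
    // Refuse inline event handlers so attribute data can never become script.
    if (/^on/i.test(name)) {
      throw new Error('event-handler attribute refused: ' + name);
    }
    node.setAttribute(name, String(value));
  }
  for (const child of children) {
    // Strings become text nodes, so '<b>' stays three literal characters.
    node.appendChild(typeof child === 'string' ? doc.createTextNode(child) : child);
  }
  return node;
}

// Assumed slide skeleton (class names are made up for this example).
function buildSlideFrame(doc, title) {
  return el(doc, 'div', { class: 'slide' },
    el(doc, 'h2', { class: 'slide-title' }, title),
    el(doc, 'div', { class: 'slide-body' }));
}

// In a browser, attach a frame whose title is a constructed untrusted string.
if (typeof document !== 'undefined') {
  document.body.appendChild(buildSlideFrame(document, '<b>untrusted title</b>'));
}
```

With this shape no string ever reaches the HTML parser, so a scanner has no .innerHTML sink left to flag.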