dart-lang / sdk

The Dart SDK, including the VM, JS and Wasm compilers, analysis, core libraries, and more.
https://dart.dev
BSD 3-Clause "New" or "Revised" License

Documentation for unsafe_html is insufficient #58276

Open Hixie opened 4 years ago

Hixie commented 4 years ago

https://dart-lang.github.io/linter/lints/unsafe_html.html doesn't give any reason why these patterns are bad.

Even as someone who wrote the specification for many of these Web features, I literally could not tell you why some of these are so bad that we should lint them entirely out of existence (especially with an unignorable lint).

pq commented 4 years ago

/cc @srawlins

gmpassos commented 3 years ago

The lint says that it is unsafe to set the href of an AnchorElement. But what is the correct (secure) way to do this? It would be nice to have it in the docs.