It currently builds a big string of HTML which will include some values retrieved from the network. These values could potentially include some naughty HTML which can be injected through the innerHTML call. I should instead be creating elements and setting textContent and stuff.
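The change described above, as an added example that is not this project's code: the string-built rendering next to a node-built one. The item shape { title, url }, the function names and the http/https allow-list for links are assumptions made for the illustration.

```javascript
// Added example, not the project's code. `items` is a constructed stand-in
// for the values fetched from the network: [{ title, url }].

// BEFORE: the pattern described above. Any markup in item.title or item.url
// is parsed by the browser as HTML once it reaches innerHTML.
function renderUnsafe(container, items) {
  let html = "<ul>";
  for (const item of items) {
    html += '<li><a href="' + item.url + '">' + item.title + "</a></li>";
  }
  container.innerHTML = html + "</ul>";
}

// textContent does not cover attributes: an href taken from the network
// must be limited to expected schemes (a javascript: URL runs on click).
function safeHref(raw, base) {
  try {
    const u = new URL(raw, base);
    return u.protocol === "https:" || u.protocol === "http:" ? u.href : null;
  } catch {
    return null; // unparsable value: render the title without a link
  }
}

// AFTER: build nodes. Network values only ever reach textContent or a
// validated href, so they are never parsed as markup.
// `doc` is the page's `document`; `base` resolves relative URLs.
function renderSafe(doc, container, items, base) {
  const ul = doc.createElement("ul");
  for (const item of items) {
    const li = doc.createElement("li");
    const href = safeHref(item.url, base);
    const node = doc.createElement(href ? "a" : "span");
    if (href) node.setAttribute("href", href);
    node.textContent = String(item.title);
    li.append(node);
    ul.append(li);
  }
  container.replaceChildren(ul);
  return ul;
}
```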