google / password-alert

A Chrome Extension to help protect against phishing attacks.
Apache License 2.0
306 stars 92 forks

Update content_script.js DOM text reinterpreted as HTML #142

Open Shivam7-1 opened 4 months ago

Shivam7-1 commented 4 months ago

By using innerText, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.

Shivam7-1 commented 4 months ago

Hi @joelferrier, could you please review this PR? Thanks.

adhintz commented 4 months ago

This use of innerHTML is safe and intentional. It's reading the value of innerHTML, not writing to it, so there's not a direct risk of XSS. It intentionally wants the HTML so that the looksLikeGooglePage_ function can match the HTML snippets listed in corp_html_.

Thank you for looking at this code, but this PR should be closed.
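
The read-versus-write distinction drawn in the reply above, as an added example that is not part of this PR or the project's code: a heuristic line classifier for triaging innerHTML findings. The sample lines and the names `classifyLine` and `triage` are constructed for illustration.

```javascript
// Added example: heuristic triage of innerHTML uses (read vs. write).
// SAMPLE lines are constructed; they are not taken from content_script.js.
const SAMPLE = [
  'const html = document.documentElement.innerHTML;',
  'if (el.innerHTML === "") { return; }',
  'banner.innerHTML = "<b>" + userInput + "</b>";',
  'list.innerHTML += rowHtml;',
  'return page.innerHTML.indexOf(snippet) !== -1;',
  'note.innerText = userInput;',
];

// Assignment to .innerHTML ("=" or "+="), but not the comparisons "==" / "===".
const WRITE_RE = /\.innerHTML\s*\+?=(?!=)/;
// Any other reference to the property is treated as a read.
const USE_RE = /\.innerHTML\b/;

// Classify one source line:
//   'write-sink' - markup is parsed into the DOM; the right-hand side needs review
//   'read'       - the DOM is serialized to a string; not a sink by itself
//   'none'       - innerHTML is not referenced
function classifyLine(text) {
  if (WRITE_RE.test(text)) return 'write-sink';
  if (USE_RE.test(text)) return 'read';
  return 'none';
}

// Return one record per line so reviewers can sort or filter by kind.
function triage(lines) {
  return lines.map((text, i) => ({ line: i + 1, kind: classifyLine(text), text }));
}

for (const r of triage(SAMPLE)) {
  console.log(`${r.line}\t${r.kind}\t${r.text}`);
}
```

A line classified as `read` still deserves a look at where the resulting string goes next; the heuristic only separates direct writes from reads and does not track data flow.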