Open Shivam7-1 opened 4 months ago
Hi @joelferrier Could You Please Review This PR Thanks
This use of innerHTML is safe and intentional. It's reading the value of innerHTML, not writing to it, so there's not a direct risk of XSS. It intentionally wants the HTML so that the looksLikeGooglePage_ function can match the HTML snippets listed in corp_html_.
Thank you for looking at this code, but this PR should be closed.
By using innerText, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.