Closed ghost closed 8 years ago
Calls to innerHTML have been removed and now all html is constructed using DOM apis. Eg
var linkEl = document.createElement('a');
linkEl.href = wayback_url;
linkEl.style.color = 'blue';
linkEl.appendChild(document.createTextNode("Visit the site as it was captured on " + date));
This is another comment from a few months ago. If it's already addressed, feel free to close:
The banner is constructed using innerHTML which offers an avenue for script insertion and malformed HTML. The recommendation is to build it with DOM objects using createElement()