Banner is constructed using innerHTML

internetarchive / wayback-machine-firefox

Reduce annoying 404 pages by automatically checking for an archived copy in the Wayback Machine. Learn more about this Test Pilot experiment at https://testpilot.firefox.com/

GNU Affero General Public License v3.0

53 stars 17 forks source link

Banner is constructed using innerHTML #2

Closed ghost closed 8 years ago

ghost commented 8 years ago

This is another comment from a few months ago. If it's already addressed, feel free to close:

The banner is constructed using innerHTML which offers an avenue for script insertion and malformed HTML. The recommendation is to build it with DOM objects using createElement()

rchrd2 commented 8 years ago

Calls to innerHTML have been removed and now all html is constructed using DOM apis. Eg

    var linkEl = document.createElement('a');
    linkEl.href = wayback_url;
    linkEl.style.color = 'blue';
    linkEl.appendChild(document.createTextNode("Visit the site as it was captured on " + date));