mozilla / eslint-plugin-no-unsanitized

Custom ESLint rule to disallow unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
Mozilla Public License 2.0

Ensure Sanitizer API's setHTML() is allowed (see #197) #203

Closed mozfreddyb closed 2 years ago

mozfreddyb commented 2 years ago

#197 requested support for the built-in Sanitizer API.

As one of the co-editors, I know that only element.setHTML() is stable enough for support.

sanitizeFor() has been removed from Gecko and we still have not reached consensus on how to spec & ship sanitize(). So this commit doesn't completely fix #197 and will require future work if we end up shipping more than just setHTML.

mangs commented 2 years ago

Thank you! Do you have any insight into when Firefox will be making this a stable feature? setHTML() fulfills most of my use cases, so I'm very grateful. =D

mangs commented 2 years ago

Is this readme text still correct? https://github.com/mozilla/eslint-plugin-no-unsanitized/blob/main/README.md?plain=1#L8

mozfreddyb commented 2 years ago

I'm adjusting the readme in #204. (Discussions about the Sanitizer API should best happen someplace else. But the TLDR is: It's going to take a while :))

mangs commented 2 years ago

No worries, I wasn't sure if I was right. I reviewed the PR and it looks good; I left a comment. :)