Closed mozfreddyb closed 5 months ago
When implemented, setHTMLUnsafe() can be used as another unsafe XSS sink, similar to assignments to innerHTML.
The linter should disallow it just as well. The function implemented and not included in the linter rules constitutes an XSS risk.
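The check requested in this issue, sketched as an added example in the shape of an ESLint rule object; it is not the linter's own code and not part of the original post. Treating static strings as safe, the rule name `noUnsafeHtmlSinks`, and the hand-built sample nodes are assumptions of this example.

```javascript
// Added example: ESLint-style rule object, not the linter project's code.
const UNSAFE_METHODS = new Set(["setHTMLUnsafe"]); // call sinks
const UNSAFE_PROPS = new Set(["innerHTML"]);       // assignment sinks

// Assumption: a plain string or expression-free template cannot carry untrusted input.
function isStaticString(node) {
  if (!node) return false;
  if (node.type === "Literal") return typeof node.value === "string";
  return node.type === "TemplateLiteral" && node.expressions.length === 0;
}

// Member name for both el.foo and el["foo"]; null for anything dynamic.
function memberName(node) {
  if (!node || node.type !== "MemberExpression") return null;
  const p = node.property;
  if (!node.computed) return p.type === "Identifier" ? p.name : null;
  return p.type === "Literal" ? String(p.value) : null;
}

const noUnsafeHtmlSinks = {
  meta: { type: "problem", schema: [],
          messages: { sink: "Unsafe HTML sink '{{name}}' with non-static input." } },
  create(context) {
    const check = (node, names, target, value) => {
      const name = memberName(target);
      if (names.has(name) && !isStaticString(value))
        context.report({ node, messageId: "sink", data: { name } });
    };
    return {
      CallExpression: (n) => check(n, UNSAFE_METHODS, n.callee, n.arguments[0]),
      AssignmentExpression: (n) => check(n, UNSAFE_PROPS, n.left, n.right),
    };
  },
};

// Constructed harness: hand-built ESTree nodes stand in for a parsed file.
const id = (name) => ({ type: "Identifier", name });
const member = (obj, prop) => ({ type: "MemberExpression", object: id(obj), property: id(prop), computed: false });
const SAMPLE_NODES = [
  { type: "CallExpression", callee: member("el", "setHTMLUnsafe"), arguments: [id("userInput")] },
  { type: "CallExpression", callee: member("el", "setHTMLUnsafe"), arguments: [{ type: "Literal", value: "<b>hi</b>" }] },
  { type: "AssignmentExpression", operator: "=", left: member("el", "innerHTML"), right: id("userInput") },
  { type: "AssignmentExpression", operator: "=", left: member("el", "textContent"), right: id("userInput") },
];
function lintNodes(nodes) {
  const hits = [];
  const visitors = noUnsafeHtmlSinks.create({ report: (r) => hits.push(r.data.name) });
  for (const n of nodes) if (visitors[n.type]) visitors[n.type](n);
  return hits;
}
```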