Add-ons/Reviewers/MiscCannedResponses: Difference between revisions

m
no edit summary
mNo edit summary
mNo edit summary
Line 18: Line 18:


=== HTML  ===
=== HTML  ===
<blockquote>
<blockquote>Your add-on creates DOM nodes with raw HTML strings containing unsanitized string data. While the recommended method of creating DOM nodes is to use JavaScript DOM building methods such as createElement and appendChild (see https://developer.mozilla.org/en/How_to_create_a_DOM_tree) or one of the libraries which simplify using this method, creating content via strings is allowed if non-static data is sanitized with a function such as the following: <br> <pre>function escapeHTML(str) str.replace(/[&amp;"&lt;&gt;]/g,  
Your add-on creates DOM nodes with raw HTML strings containing unsanitized string data. While the recommended method of creating DOM nodes is to use JavaScript DOM building methods such as createElement and appendChild (see https://developer.mozilla.org/en/How_to_create_a_DOM_tree) or one of the libraries which simplify using this method, creating content via strings is allowed if non-static data is sanitized with a function such as the following: <br>
        function (m) "&amp;" + ({ "&amp;": "amp",  
<pre>function escapeHTML(str) str.replace(/[&amp;"&lt;&gt;]/g, function (m) "&amp;" + ({ "&amp;": "amp", '"': "quot", "&lt;": "lt", "&gt;": "gt" })[m] + ";");</pre></blockquote>  
                              '"': "quot",  
                              "&lt;": "lt", "&gt;": "gt" })[m] + ";"
        );</pre></blockquote>
 
=== URL Query Parameters  ===
=== URL Query Parameters  ===
<blockquote>
<blockquote>
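Review bot: The character class `[&amp;"&lt;&gt;]` in both versions of the `escapeHTML` snippet covers `&`, `"`, `<` and `>` but not the single quote, so a value interpolated into a single-quoted attribute is still able to terminate that attribute. Suggest adding `'` to the class with a `#39` entry in the lookup table, or saying in the response text that the function is only suitable for element content and double-quoted attribute values. The snippet is also written with expression closures (`function escapeHTML(str) str.replace(...)`, no braces and no `return`), which is a non-standard SpiderMonkey form; a braced body with an explicit `return` would be the safer thing to hand to add-on authors who will copy it verbatim.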