canmove, Confirmed users
1,220
edits
Security/Reviews/Gaia/homescreen: Difference between revisions
Jump to navigation
Jump to search
Security/Reviews/Gaia/homescreen (view source)
Revision as of 22:44, 25 February 2013
, 25 February 2013→1. XSS & HTML Injection attacks
Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) |
||
| Line 55: | Line 55: | ||
====1. XSS & HTML Injection attacks==== | ====1. XSS & HTML Injection attacks==== | ||
The homescreen and everything.me contain extensive usage of innerHTML which would be better replaced with DOM calls. (both for performance and security). Mainly though this is for static HTML. | The homescreen and everything.me contain extensive usage of innerHTML which would be better replaced with DOM calls. (both for performance and security). Mainly though this is for static HTML. All access to .innerHTML was audited, including calls to Evme.$create which is a wrapper for innerHTML. | ||
====2. Secure Communications ==== | ====2. Secure Communications ==== | ||