Security/Reviews/Gaia/costcontrol: Difference between revisions

Security/Reviews/Gaia/costcontrol (view source)

294 bytes added , 30 September 2013

Confirmed users

353

edits

@@ Line 80: / Line 80: @@
 =====Suspicious but OK=====
       [https://github.com/mozilla-b2g/gaia/blob/master/apps/costcontrol/js/view_manager.js#L111 ~/work/code/gaia/apps/costcontrol/js/view_manager.js:111] - panel.innerHTML = panel.childNodes[i].nodeValue;
-          - grabbing static HTML defined in a comment block inside index.html
+          - To increase performance of the first draw, developers define static HTML inside comment nodes and then later grab that HTML and input to innerHTML.
       [https://github.com/mozilla-b2g/gaia/blob/master/apps/costcontrol/js/settings/settings.js#L131 ~/work/code/gaia/apps/costcontrol/js/settings/settings.js:131] - src.innerHTML = xhr.responseText;
@@ Line 88: / Line 88: @@
           - finds all defined script tags and redfines them, then appends to page
           - <script type="text/javascript" defer="" src="js/fte.js"></script> is redefined as <br>          <script src="js/fte.js" id="js/fte.js" type="application/javascript"></script>
+         - After speaking with a developer, they must redefine script tags because simply uncommenting them and shoving them into innerHTML doesn't work. So they have to redefine the script tags and append them.
 ====2. Secure Communications ====