Confirmed users
353
edits
Security/Reviews/Gaia/costcontrol: Difference between revisions
Security/Reviews/Gaia/costcontrol (view source)
Revision as of 17:50, 27 September 2013
, 27 September 2013→Suspicious but OK
| Line 82: | Line 82: | ||
- grabbing static HTML defined in a comment block inside index.html | - grabbing static HTML defined in a comment block inside index.html | ||
~/work/code/gaia/apps/costcontrol/js/settings/settings.js:131 - src.innerHTML = xhr.responseText; | [https://github.com/mozilla-b2g/gaia/blob/master/apps/costcontrol/js/settings/settings.js#L131 ~/work/code/gaia/apps/costcontrol/js/settings/settings.js:131] - src.innerHTML = xhr.responseText; | ||
- XHR is fetching /debug.html which has no variable data | - XHR is fetching /debug.html which has no variable data | ||
~/work/code/B2G/gaia/apps/costcontrol/js/view_manager.js:138 - var script = document.createElement('script'); | [https://github.com/mozilla-b2g/gaia/blob/master/apps/costcontrol/js/view_manager.js#L138 ~/work/code/B2G/gaia/apps/costcontrol/js/view_manager.js:138] - var script = document.createElement('script'); | ||
- finds all defined script tags and redfines them, then appends to page | - finds all defined script tags and redfines them, then appends to page | ||
- <script type="text/javascript" defer="" src="js/fte.js"></script> is redefined as <br> <script src="js/fte.js" id="js/fte.js" type="application/javascript"></script> | - <script type="text/javascript" defer="" src="js/fte.js"></script> is redefined as <br> <script src="js/fte.js" id="js/fte.js" type="application/javascript"></script> | ||