taigrr/wasm-experiments
1
0
Fork 0
mirror of https://github.com/taigrr/wasm-experiments synced 2025-01-18 04:03:21 -08:00
Code Issues Projects Releases Wiki Activity

Use innerText instead of innerHTML to discourage XSS risks

Browse Source 
Roberto Clapis (@empijei) pointed out to me that using innerHTML for
unformatted text is bad practice, so I've switched to using innerText
and SetTextContent instead.
This commit is contained in:
Johan Brandhorst 2018-08-17 10:26:43 +01:00
parent 31e31e865c
commit e481a67ae8
No known key found for this signature in database
GPG Key ID: 266C7D9B44EAA057
4 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fetch/main.go
View File

@ -16,7 +16,7 @@ type writer dom.Element
// Write implements io.Writer. // Write implements io.Writer.
func (d writer) Write(p []byte) (n int, err error) { func (d writer) Write(p []byte) (n int, err error) {
node := dom.GetDocument().CreateElement("div") node := dom.GetDocument().CreateElement("div")
node.SetInnerHTML(string(p)) node.SetTextContent(string(p))
(*dom.Element)(&d).AppendChild(node) (*dom.Element)(&d).AppendChild(node)
return len(p), nil return len(p), nil
} }

BIN
html/test.wasm
View File

Binary file not shown.

2
js/main.go
View File

@ -14,7 +14,7 @@ func main() {
div := document.Call("getElementById", "target") div := document.Call("getElementById", "target")
node := document.Call("createElement", "div") node := document.Call("createElement", "div")
node.Set("innerHTML", "Hello World") node.Set("innerText", "Hello World")
div.Call("appendChild", node) div.Call("appendChild", node)
} }

2
jsgo/main.go
View File

@ -14,7 +14,7 @@ func main() {
div := document.Get("body") div := document.Get("body")
node := document.Call("createElement", "div") node := document.Call("createElement", "div")
node.Set("innerHTML", "Hello jsgo.io!") node.Set("innerText", "Hello jsgo.io!")
div.Call("appendChild", node) div.Call("appendChild", node)
} }