Neil Fraser

icon indicating a website link https://neil.fraser.name/ icon indicating an email [email protected]

icon company New Voice icon location Switzerland

Results 46 comments of Neil Fraser

Update index.ts DOM text reinterpreted as HTML

This PR would break this product by printing raw HTML on the user's screen.

Update window.js DOM text reinterpreted as HTML

This PR would cause raw HTML tags to be printed on the user's screen.

DOM text reinterpreted as HTML Update inject.js

In this case `innerHTML` is being used as a getter, not a setter, so the existing code is perfectly safe. Further, it appears that changing this to text-only would break...

Dates should coerce to strings not numbers when the plus operator is used

@cpcallen Here's a bit of a mystery. This is pure spec-compliant JavaScript, no consideration of JS-Interpreter is needed. Here's an Object with some hooks on toString and valueOf. ``` var...

Dates should coerce to strings not numbers when the plus operator is used

Ah, there's a specific exception for Date objects: https://262.ecma-international.org/5.1/#sec-11.6.1 > No hint is provided in the calls to ToPrimitive in steps 5 and 6. All native ECMAScript objects except Date...

DOM text reinterpreted as HTML Update background.js

I'm not on this project's team, but this PR would result in raw HTML being printed on the user's screen. Here `innerHTML` is being used intentionally since there's an ``...