
DOM warning (documentation)

Open natevw opened this issue 9 years ago • 1 comments

Might be worth making clear that passing any sort of DOM object to the untrusted script is dangerous, e.g. script injection via `.innerHTML` and probably many more avenues…. (Although, how much will our iframe mitigate of that?)

natevw, Dec 11 '15 19:12

For just one other example: https://www.w3.org/TR/html5/webappapis.html#internal-raw-uncompiled-handler

natevw, Jan 13 '16 19:01
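One way a host page could enforce the warning raised in this issue, as an added example that is not evel's code or API: allow only plain data across the sandbox boundary and hand the untrusted script a copy. The names `assertPlainData`, `toSandboxInput`, `check` and `FakeElement` are hypothetical, and `FakeElement` is a constructed stand-in for a DOM element so the check runs outside a browser.

```javascript
// Added example; every name here is hypothetical, none of it is evel's API.
// Allowlist: primitives, arrays and plain objects only. A real DOM node fails
// the same prototype test, because its prototype is a host interface object.
function assertPlainData(value, path = "value", seen = new Set()) {
  const t = typeof value;
  if (value === null || t === "string" || t === "number" ||
      t === "boolean" || t === "undefined") return;
  if (t !== "object") {
    throw new TypeError(`${path}: ${t} may not cross the sandbox boundary`);
  }
  if (seen.has(value)) throw new TypeError(`${path}: cyclic reference`);
  const proto = Object.getPrototypeOf(value);
  if (!Array.isArray(value) && proto !== Object.prototype && proto !== null) {
    // DOM nodes, window, Map, class instances: anything carrying host behaviour.
    throw new TypeError(
      `${path}: only plain objects and arrays may cross the sandbox boundary`);
  }
  seen.add(value);
  for (const key of Reflect.ownKeys(value)) {
    const desc = Object.getOwnPropertyDescriptor(value, key);
    // Accessors would run host code when the value is copied, so reject them.
    if (desc.get || desc.set) {
      throw new TypeError(`${path}.${String(key)}: accessor property`);
    }
    assertPlainData(desc.value, `${path}.${String(key)}`, seen);
  }
  seen.delete(value); // shared references are fine, cycles are not
}

// Validate, then pass a JSON copy so the untrusted script never holds a
// reference to an object the host page also uses.
function toSandboxInput(value) {
  assertPlainData(value);
  return value === undefined ? undefined : JSON.parse(JSON.stringify(value));
}

// Constructed stand-in for a DOM element.
class FakeElement {
  constructor() { this.innerHTML = ""; }
}

// Returns "ok" or the rejection message, for logging or tests.
function check(value) {
  try { toSandboxInput(value); return "ok"; } catch (e) { return e.message; }
}
```

The JSON copy drops `undefined` members and symbol keys and turns `NaN` into `null`, which is acceptable for data handed to an untrusted script.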