Submitting to mozilla has 5 warnings about unsafe assignments to innerHTML.

[magnus-ISU]

Most or all of these warnings should be able to be fixed. Most important are the ones facing the user; namely, controller opacity and size. In theory, it is a slight vulnerability if the cookies are edited manually I think.