Yikes. Dangerously incorrect content on @MozDev regarding innerHTML and "<script>". Just submitted a change. https://developer.mozilla.org/en-US/docs/DOM/element.innerHTML …
@slicknet It’s not exactly “harmless” (https://developer.mozilla.org/en-US/docs/DOM/element.innerHTML$compare?from=345583&to=365009 …) either… E.g. `el.innerHTML = '<img src=x onerror=alert(1)>';`.
@mathias the example on the page is harmless, your example is not. :) Maybe you should add it!
@mathias @slicknet Forgive the ignorance, but why is it dangerous? //@jaffathecake