Friday, June 6, 2014


Quick tip: never use innerHTML (or jQuery’s html()) unless you really want to insert HTML. Quite often, what you actually want is to insert some text. If this is the case, use innerText (or jQuery’s text()).
WARNING: Please be aware that any code (script tags) and resources linked (images, scripts) will still be run using this approach. Only use this approach when you have some degree of control over the input and context. Securing markup is not a trivial task and should be given more thought.
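An added example, not code from the original post: a small Node.js check that flags `innerHTML` assignments and jQuery `html()` setter calls in source text, so each one can be reviewed and, where only text is intended, replaced with `innerText` or `text()`. The function names, the regex heuristic and the sample lines are assumptions made for illustration.

```javascript
// Added example (not from the original post): flag HTML-inserting sinks in
// JavaScript source. Regex heuristic, not a parser: it can miss aliased or
// computed property access, so treat the output as a review list.

const SINKS = [
  // el.innerHTML = v  or  el.innerHTML += v  (but not == / === comparisons)
  { name: 'innerHTML', re: /\.innerHTML\s*\+?=(?!=)/, fix: 'innerText' },
  // $(sel).html(v) is a setter; .html() with no argument only reads
  { name: 'jQuery html()', re: /\.html\((?!\s*\))/, fix: 'text()' },
];

// A quoted literal containing no '<' cannot produce elements when parsed as
// HTML, so it is ranked lower than a variable or expression.
function isPlainLiteral(arg) {
  return /^\s*(['"])[^<'"]*\1\s*\)?;?\s*$/.test(arg);
}

function findHtmlSinks(source) {
  const findings = [];
  source.split('\n').forEach((line, i) => {
    if (/^\s*\/\//.test(line)) return; // skip full-line comments
    for (const sink of SINKS) {
      const m = sink.re.exec(line);
      if (!m) continue;
      const arg = line.slice(m.index + m[0].length); // text after the sink
      findings.push({
        line: i + 1,
        sink: sink.name,
        suggest: sink.fix,
        review: isPlainLiteral(arg) ? 'low' : 'high',
      });
    }
  });
  return findings;
}

// Constructed sample input, not taken from any real code base.
const SAMPLE = [
  'el.innerHTML = userComment;',
  'if (el.innerHTML === "") return;',
  '$("#name").html(profile.displayName);',
  'var current = $("#name").html();',
  'title.innerHTML = "Loading";',
  'box.innerText = userComment;',
  '// el.innerHTML = old;',
].join('\n');

console.log(findHtmlSinks(SAMPLE));
```

Lines marked `high` pass a variable or expression into an HTML sink and are the ones to check first.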
© 2014 Verdens Gang AS
