cloudstack-dev mailing list archives

From Demetrius Tsitrelis <Demetrius.Tsitre...@citrix.com>
Subject Best practice: Do not use innerHtml() property or its equivalent jQuery .html() method
Date Wed, 16 Apr 2014 23:06:55 GMT
This property is used to dynamically insert HTML into the UI.  Unfortunately, it is easily
abused because it accepts input such as <SCRIPT> tags.

There are about 150 instances of the .html() method in our UI.  It turns out that the vast
majority of the uses are for text; in those cases the .text() method provides a safe replacement
for .html().

For those instances where HTML is needed it is safer to use a sequence of calls to createElement(),
appendChild(), and setAttribute() to construct and insert the new element into the DOM.
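
The construction the message recommends, as an added example that is not part of the original post or of the CloudStack UI code. The names `renderNotice` and `isSafeHref`, the shape of the `notice` object, and the placeholder base URL are assumptions; the scheme allow-list goes one step beyond the message, because setAttribute() on an href still accepts `javascript:` URLs.

```javascript
// Added example: build a UI row with DOM calls instead of .html()/innerHTML.
// `doc` is a Document (pass `document` in the browser). All names here are
// hypothetical and not taken from the CloudStack UI.

const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// setAttribute() never parses markup, but an href such as "javascript:..."
// still runs script on click, so only allow-listed schemes are accepted.
// `base` resolves relative links; the default is a constructed placeholder.
function isSafeHref(href, base = 'https://ui.example.invalid/') {
  try {
    return SAFE_SCHEMES.has(new URL(href, base).protocol);
  } catch (e) {
    return false; // unparsable URL: reject
  }
}

function renderNotice(doc, container, notice) {
  const row = doc.createElement('div');
  row.setAttribute('class', 'notice');

  const title = doc.createElement('span');
  // Text assignment, the DOM counterpart of jQuery .text(): a "<script>"
  // string in notice.title is displayed as characters, never parsed as HTML.
  title.textContent = notice.title;
  row.appendChild(title);

  if (notice.link && isSafeHref(notice.link)) {
    const a = doc.createElement('a');
    a.setAttribute('href', notice.link);
    a.setAttribute('rel', 'noopener noreferrer');
    a.textContent = notice.linkLabel || notice.link;
    row.appendChild(a);
  }

  container.appendChild(row);
  return row;
}
```

In the browser, call it as `renderNotice(document, someContainerElement, { title, link, linkLabel })`.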
