Sanitize translations that use innerHTML

RESOLVED WONTFIX

Status

defect
4 years ago
3 years ago

People

(Reporter: stas, Unassigned)

Reporter

Description

4 years ago
Until we can use DOM overlays, maybe we should consider using a different sanitization method for innerHTML translations?

Freddy, do you have any recommendations?
Reporter

Updated

4 years ago
See Also: → 994357
I thought bleach (https://github.com/mozilla-b2g/gaia/search?utf8=%E2%9C%93&q=bleach) was in shared/, but it's actually only used in the email app.

So I'd like to experiment with getting DOMPurify (https://github.com/cure53/DOMPurify) into Gaia /shared and using it for all HTML sanitizing cases.
We have DOM Overlays now.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX