Closed Bug 1136643 Opened 8 years ago Closed 7 years ago
Sanitize translations that use inner
Until we can use DOM overlays, maybe we should consider using a different sanitization method for innerHTML translations? Freddy, do you have any recommendations?
I thought bleach (https://github.com/mozilla-b2g/gaia/search?utf8=%E2%9C%93&q=bleach) was in shared/, but it's actually only used in the email app. So I'd like to experiment getting DOMPurify (https://github.com/cure53/DOMPurify) in Gaia /shared and use it for all HTML sanitizing cases.
We have DOM Overlays now.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.