Closed Bug 1136643 Opened 10 years ago Closed 9 years ago

Sanitize translations that use innerHTML

Categories

(Firefox OS Graveyard :: Gaia::L10n, defect)

Type: defect
Priority: Not set
Severity: normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: stas, Unassigned)

Until we can use DOM overlays, maybe we should consider using a different sanitization method for innerHTML translations?

Freddy, do you have any recommendations?

See Also: → 994357

I thought bleach (https://github.com/mozilla-b2g/gaia/search?utf8=%E2%9C%93&q=bleach) was in shared/, but it's actually only used in the email app.

So I'd like to experiment with getting DOMPurify (https://github.com/cure53/DOMPurify) into Gaia /shared and use it for all HTML sanitizing cases.

We have DOM Overlays now.

Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX