Lines like the following, which should be flagged, are ignored: foo.innerHTML = bar(); I've come across quite a lot of these recently but hadn't gotten around to tracking them down. The last one was a major remote chrome code execution vulnerability, so it would be nice to have this fixed soon.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.