Closed Bug 859898 Opened 12 years ago Closed 12 years ago

Remove unnecessary innerHTML from Usage application

Categories

(Firefox OS Graveyard :: Gaia::Cost Control, defect)

x86_64
Linux
defect
Not set
normal

Tracking

(b2g18+ fixed)

RESOLVED FIXED

People

(Reporter: salva, Assigned: salva)

Attachments

(1 file)

The security team points out on the Gaia list that we should remove all 'innerHTML' and use DOM manipulation and textContent where needed. Usage uses lazy loading for some HTML resources, so it is not possible to strip out every 'innerHTML', but most of them can be replaced by 'textContent'.
You can look for the mail with subject 'Newsflash: Don't use innerHTML in Firefox OS!'
Attachment #735925 - Flags: review?(francisco.jordano)
Comment on attachment 735925 [details]
All unsafe / unnecessary innerHTML

Some comments on GitHub, not really related to the PR, but nice to remember. r+ ... thanks Salva!
Attachment #735925 - Flags: review?(francisco.jordano) → review+
Let's open another bug for l10n related stuff you spotted on the patch. Thank you!
Master: 52f1125f4af3a85e72cf1b1423a5e627df86dfed
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Comment on attachment 735925 [details]
All unsafe / unnecessary innerHTML

NOTE: Please see https://wiki.mozilla.org/Release_Management/B2G_Landing to better understand the B2G approval process and landings.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): several ones
User impact if declined: low (but it is a moderate security concern)
Testing completed: yes
Risk to taking this patch (and alternatives if risky): low
String or UUID changes made by this patch: none
Attachment #735925 - Flags: approval-gaia-v1?
Blocks: 863778
Attachment #735925 - Flags: approval-gaia-v1? → approval-gaia-v1+
I was not able to uplift this bug to v1-train. If this bug has dependencies which are not marked in this bug, please comment on this bug. If this bug depends on patches that aren't approved for v1-train, we need to re-evaluate the approval. Otherwise, if this is just a merge conflict, you might be able to resolve it with:

  git checkout v1-train
  git cherry-pick -x -m1 52f1125f4af3a85e72cf1b1423a5e627df86dfed
  <RESOLVE MERGE CONFLICTS>
  git commit
Depends on: 841294
After merging bug 841294, this applies cleanly.
v1-train: 36643db6565f7b9741592b2a2c460c2527fd6057
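
Added example, not part of the original bug or the Gaia patch: a small Node.js audit that sorts innerHTML assignments into those that can become textContent mechanically and those that need review, following the distinction drawn in the opening comment. The sample source lines, identifiers and verdict labels are constructed for illustration.

```javascript
// Constructed sample input (hypothetical identifiers, not code from the Usage app).
const SAMPLE = [
  "title.innerHTML = 'Data usage';",
  "label.innerHTML = _('balance') + ': ' + balance;",
  "panel.innerHTML = '<ul class=\"tabs\"></ul>';",
  "view.innerHTML = xhr.responseText; // lazy-loaded HTML resource",
  "var saved = node.innerHTML;",
  "amount.textContent = value;"
].join('\n');

// `<target>.innerHTML = <rhs>` or `+=`; reads and `==`/`===` comparisons do not match.
// Simplification: the right-hand side is taken up to the first `;` on the line.
const ASSIGN = /([\w$.\[\]'"]+)\.innerHTML\s*\+?=(?!=)\s*([^;\n]+)/;
// A right-hand side that is exactly one quoted string literal.
const LITERAL = /^(['"])((?:\\.|(?!\1)[^\\\n])*)\1$/;

// Returns one finding per line that assigns to innerHTML.
//   use-textContent: constant text without markup, safe to swap mechanically
//   static-markup:   constant HTML, no untrusted data, can be built with DOM calls
//   review:          dynamic value reaches the HTML parser; use textContent unless
//                    it is trusted markup such as a lazy-loaded resource
function auditInnerHTML(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    const m = ASSIGN.exec(text);
    if (!m) return;
    const lit = LITERAL.exec(m[2].trim());
    let verdict;
    if (!lit) verdict = 'review';
    else if (/[<&]/.test(lit[2])) verdict = 'static-markup';
    else verdict = 'use-textContent';
    findings.push({ line: i + 1, target: m[1], verdict });
  });
  return findings;
}

for (const f of auditInnerHTML(SAMPLE)) {
  console.log(`line ${f.line}: ${f.target}.innerHTML -> ${f.verdict}`);
}
```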