Closed Bug 1136643 Opened 10 years ago Closed 9 years ago

Sanitize translations that use innerHTML

Tracking

(Not tracked)

Status:

RESOLVED WONTFIX

People

(Reporter: stas, Unassigned)

References

Details

Staś Małolepszy :stas

Reporter

Description

•

10 years ago

Until we can use DOM overlays, maybe we should consider using a different sanitization method for innerHTML translations? Freddy, do you have any recommendations?

Staś Małolepszy :stas

Reporter

Updated

•

10 years ago

See Also: → https://bugzilla.mozilla.org/show_bug.cgi?id=994357

Frederik Braun [:freddy]

Comment 1

•

10 years ago

I thought bleach (https://github.com/mozilla-b2g/gaia/search?utf8=%E2%9C%93&q=bleach) was in shared/, but it's actually only used in the email app. So I'd like to experiment getting DOMPurify (https://github.com/cure53/DOMPurify) in Gaia /shared and use it for all HTML sanitizing cases.

Zibi Braniecki [:zbraniecki][:gandalf]

Comment 2

•

9 years ago

We have DOM Overlays now.

Status: NEW → RESOLVED

Closed: 9 years ago

Resolution: --- → WONTFIX

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Sanitize translations that use innerHTML

Categories

(Firefox OS Graveyard :: Gaia::L10n, defect)

Tracking

(Not tracked)

People

(Reporter: stas, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2