jens/flipper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use textContent for showing dev error message (#199)

Browse Source 
Summary:
`innerHTML` seems unnecessarily dangerous, rendering unescaped content from the network in an execution context. It can also raise exceptions if the HTML received is invalid, so let's not do this?
Pull Request resolved: https://github.com/facebook/flipper/pull/199

Reviewed By: danielbuechele

Differential Revision: D9179150

Pulled By: passy

fbshipit-source-id: 911b2686150be73c8e9e42b94b2a96da62fd6ae7
This commit is contained in:
Pascal Hartig
2018-08-06 05:35:51 -07:00
committed by Facebook Github Bot
parent 4e5122d664
commit 3a657ed46a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
static/index.dev.html
View File

@@ -75,14 +75,14 @@
suppressErrors = true;
});
function openError(html) {
function openError(text) {
if (suppressErrors) {
return;
}
const box = document.querySelector('.__infinity-dev-box-error');
box.removeAttribute('hidden');
box.innerHTML = html;
box.textContent = text;
onLoad();
}