-
Notifications
You must be signed in to change notification settings - Fork 11.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove innerHTML
usage from our DOM platform
#5909
Merged
Merged
+30
−25
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Prevent "Unsafe assignment to innerHTML" reported by Firefox when submitting addon to their store.
benmccann
approved these changes
Dec 13, 2018
I have succesfully built the branch, and tested it by:
In short: LGTM! Thanks. |
Thanks @jeroenheijmans and quite unexpectedly, this version generates smaller builds. |
etimberg
approved these changes
Dec 14, 2018
jelhan
added a commit
to jelhan/Chart.js
that referenced
this pull request
Dec 31, 2018
Using a link element is also recommended approach linked StackOverflow question. Code is mostly a copy and paste from this answer. Fixes chartjs#5208 together with chartjs#5909
jelhan
added a commit
to jelhan/Chart.js
that referenced
this pull request
Dec 31, 2018
Using a link element is also recommended approach linked StackOverflow question. Code is mostly a copy and paste from this answer. Fixes chartjs#5208 together with chartjs#5909
jelhan
added a commit
to jelhan/Chart.js
that referenced
this pull request
Jan 2, 2019
This uses CSS Object Model (CSSOM) to modify stylesheets. Changing stylesheets via CSSOM does not violate Content-Security-Policy style-src 'none'. CSSOM is still a working draft but the features been used should be supported by all target browsers: https://developer.mozilla.org/en-US/docs/Web/API/DocumentOrShadowRoot/styleSheets#Browser_compatibility https://developer.mozilla.org/en-US/docs/Web/API/CSSStyleSheet/insertRule#Browser_compatibility Creating an empty style element does not violate CSP. -webkit- prefix is not needed anymore for keyframe. Inserting CSS rule @-webkit-keyframews throws a SyntaxError in IE11. Done basic manual testing using samples in recent versions of: - Chrome (Desktop & Mobile) - Firefox - Microsoft Edge - IE 11 Fixes chartjs#5208 together with chartjs#5909 Live example: https://codepen.io/jelhan/pen/jXYymO Please note the CSP meta tag definied in settings. You need to update SHA hashes if you change any JavaScript in this Codepen as it violates CSP otherwise.
jelhan
added a commit
to jelhan/Chart.js
that referenced
this pull request
Jan 3, 2019
This uses CSS Object Model (CSSOM) to modify stylesheets. Changing stylesheets via CSSOM does not violate Content-Security-Policy style-src 'none'. CSSOM is still a working draft but the features been used should be supported by all target browsers: https://developer.mozilla.org/en-US/docs/Web/API/DocumentOrShadowRoot/styleSheets#Browser_compatibility https://developer.mozilla.org/en-US/docs/Web/API/CSSStyleSheet/insertRule#Browser_compatibility Creating an empty style element does not violate CSP. -webkit- prefix is not needed anymore for keyframe. Inserting CSS rule @-webkit-keyframews throws a SyntaxError in IE11. Done basic manual testing using samples in recent versions of: - Chrome (Desktop & Mobile) - Firefox - Microsoft Edge - IE 11 Fixes chartjs#5208 together with chartjs#5909 Live example: https://codepen.io/jelhan/pen/jXYymO Please note the CSP meta tag definied in settings. You need to update SHA hashes if you change any JavaScript in this Codepen as it violates CSP otherwise.
jelhan
added a commit
to jelhan/Chart.js
that referenced
this pull request
Jan 3, 2019
This uses CSS Object Model (CSSOM) to modify stylesheets. Changing stylesheets via CSSOM does not violate Content-Security-Policy style-src 'none'. CSSOM is still a working draft but the features been used should be supported by all target browsers: https://developer.mozilla.org/en-US/docs/Web/API/DocumentOrShadowRoot/styleSheets#Browser_compatibility https://developer.mozilla.org/en-US/docs/Web/API/CSSStyleSheet/insertRule#Browser_compatibility Creating an empty style element does not violate CSP. -webkit- prefix is not needed anymore for keyframe. Inserting CSS rule @-webkit-keyframews throws a SyntaxError in IE11. Done basic manual testing using samples in recent versions of: - Chrome (Desktop & Mobile) - Firefox - Microsoft Edge - IE 11 Fixes chartjs#5208 together with chartjs#5909 Live example: https://codepen.io/jelhan/pen/jXYymO Please note the CSP meta tag definied in settings. You need to update SHA hashes if you change any JavaScript in this Codepen as it violates CSP otherwise.
jelhan
added a commit
to jelhan/Chart.js
that referenced
this pull request
Jan 3, 2019
This uses CSS Object Model (CSSOM) to modify stylesheets. Changing stylesheets via CSSOM does not violate Content-Security-Policy style-src 'none'. CSSOM is still a working draft but the features been used should be supported by all target browsers: https://developer.mozilla.org/en-US/docs/Web/API/DocumentOrShadowRoot/styleSheets#Browser_compatibility https://developer.mozilla.org/en-US/docs/Web/API/CSSStyleSheet/insertRule#Browser_compatibility Creating an empty style element does not violate CSP. -webkit- prefix is not needed anymore for keyframe. Inserting CSS rule @-webkit-keyframews throws a SyntaxError in IE11. Done basic manual testing using samples in recent versions of: - Chrome (Desktop & Mobile) - Firefox - Microsoft Edge - IE 11 Fixes chartjs#5208 together with chartjs#5909 Live example: https://codepen.io/jelhan/pen/jXYymO Please note the CSP meta tag definied in settings. You need to update SHA hashes if you change any JavaScript in this Codepen as it violates CSP otherwise.
This was referenced Mar 4, 2020
This was referenced Mar 9, 2020
exwm
pushed a commit
to exwm/Chart.js
that referenced
this pull request
Apr 30, 2021
Prevent "Unsafe assignment to innerHTML" reported by Firefox when submitting addon to their store.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prevent
"Unsafe assignment to innerHTML"
reported by Firefox when submitting addon to their store.Enhances #5208
Fixes #5902