-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make a new rule "innerText" property when append script tag? #89
Comments
Yes, it's true that What we've done for What we /could/ do is create an innerText rule that disallows assignments when the left part matches script. But it's still error prone. |
This should be relatively simple. If there's enough interest, I'm happy to guide someone along the way. |
Hello @mozfreddyb, I would like to work on this issue. Could you please guide me on how to proceed? |
Sorry, I'll need to de-prioritize this. |
I thought innerText could be harmful in this case when
attack_var
is unsanitized .The text was updated successfully, but these errors were encountered: