fix: Move away from using innerHTML #2321
Conversation
|
🤖 I detect that the PR title and the commit message differ and there's only one commit. To use the PR title for the commit history, you can use Github's automerge feature with squashing, or use -- conventional-commit-lint bot |
|
Hi @maribethb Could You Please Review this PR |
|
Hi @maribethb Could You Please Review this PR |
|
Hi @Shivam7-1, this plugin was recently converted to TypeScript so this PR needs to be rebased and the change should be made against the equivalent ts file now instead. Also, we use conventional commits in order to generate good release notes. Could you please follow these instructions to use conventional commits? |
|
Hi @maribethb Thanks For Reviewing |
|
This is actually a good change. Though as @maribethb states, it collides with recent commits, so it needs to be rebased. Also, instead of |
NeilFraser
changed the title
|
Hi @maribethb I Had Done Changes Accordingly and Updated My Branch Could Please Review This PR Thanks |
1 similar comment
|
Hi @maribethb I Had Done Changes Accordingly and Updated My Branch Could Please Review This PR Thanks |
|
Hi @maribethb Could You Please Review This PR |
|
@NeilFraser owns this PR review now. Thanks! |
|
This PR is just a whitespace change. I don't think that's what you are looking for. |
|
Hi @NeilFraser Thanks For Reviewing Thanks |
|
Closing as already completed. |
By using innerText, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML. Always be cautious when dealing with user input or dynamic content to prevent security risks.