[all] Dynamic Zuul results table in Gerrit 3

Radosław Piliszek radoslaw.piliszek at gmail.com
Thu Dec 3 13:52:45 UTC 2020


On Thu, Dec 3, 2020 at 2:38 PM Tristan Cacqueray <tdecacqu at redhat.com> wrote:
>
>
> On Thu, Dec 03, 2020 at 10:22 Radosław Piliszek wrote:
> > Hello Fellow OpenStack and OpenDev Folks!
> >
> > TL;DR click on [3] and enjoy.
> >
>
> Hello
>
> It seems like this script is injecting build details directly using
> the innerHTML attribute without filtering html entities,
> please see the `Security considerations` section of
>
>   https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML

Yes, it is a generally valid remark, but I consider both Gerrit and
Zuul (both of OpenDev) to have the exact same level of trust, so I did
not modify the approach.
But yes, for anyone trying to learn best practices from this snippet -
please do not, it is far from them. :-)
In general this approach is very wasteful as it causes rebuilding (or
rather rejoining) and reparsing of HTML, instead of DOM manipulations.
For such a simple table it does not hurt but please do not do it at home.

-yoctozepto
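
The two approaches contrasted in this thread (escaping values before they reach `innerHTML`, versus building the table with DOM calls), shown as an added example that is not code from the script under discussion. The build field names `job_name`, `result` and `log_url` and the sample record are assumptions constructed for illustration.

```javascript
// Added example: field names (job_name, result, log_url) are assumed.

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allow only http(s) links; entity escaping alone does not stop a javascript: URL.
function safeHref(url) {
  try {
    const parsed = new URL(String(url));
    return ['http:', 'https:'].includes(parsed.protocol) ? parsed.href : '#';
  } catch (e) {
    return '#'; // unparsable or relative value: fall back to an inert link
  }
}

// String-building path: every interpolated field is escaped before use.
function renderRowHtml(build) {
  return '<tr><td><a href="' + escapeHtml(safeHref(build.log_url)) + '">' +
    escapeHtml(build.job_name) + '</a></td><td>' + escapeHtml(build.result) + '</td></tr>';
}

// DOM path: textContent never parses markup, so nothing needs escaping,
// and only the new row is created instead of reparsing the whole table.
function appendRow(doc, tbody, build) {
  const row = doc.createElement('tr');
  const nameCell = doc.createElement('td');
  const link = doc.createElement('a');
  link.setAttribute('href', safeHref(build.log_url));
  link.textContent = build.job_name;
  nameCell.appendChild(link);
  const resultCell = doc.createElement('td');
  resultCell.textContent = build.result;
  row.appendChild(nameCell);
  row.appendChild(resultCell);
  tbody.appendChild(row);
  return row;
}

// Constructed sample record with markup and a script URL in its fields.
const sampleBuild = {
  job_name: '<img src=x onerror=alert(1)>',
  result: 'SUCCESS',
  log_url: 'javascript:alert(1)',
};
```

In a browser, `appendRow(document, tableBody, build)` is the call; the `doc` parameter exists only so the function can be exercised outside one.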
