OK kind of security question… if I’m loading HTML from an AJAX request (mostly trusted, full my own server), and I want to safely put that on my web page, what’s the “right” way to do that?
-
OK kind of security question… if I’m loading HTML from an AJAX request (mostly trusted, full my own server), and I want to safely put that on my web page, what’s the “right” way to do that? Make a div and assign the response to .innerHTML? Is there something “safer”?
-
Riley S. Faelanreplied to Kat Marchán 🐈 last edited by
@zkat The old-school approach involved the use of layers (or ilayers). Layers worked a lot like frames, which means, they can be independently loaded, so you can specify an URL, triggering a new HTTP request. Layers were embedded in the document structure, however.
But layers have been considered obsolete for some time now, and supposedly replaced by
div
:s.As a general rule of thumb, 'safely' depends on what you mean by 'risk'.
Copyright © 2024 NodeBB | Contributors