Quantcast
Channel: Comments on: XSS: Cross-Site Scripting – Basic Security Part 2
Browsing latest articles
Browse All 7 View Live

By: Wladimir Palant

:0
:0
July 18, 2012, 7:44 am

One thing that I don’t understand: why leave markup to translators? Then you still have to worry about JavaScript added to some obscure translation because a translator’s account has been hacked....

View Article
Search

By: James

:0
:0
July 18, 2012, 7:49 am

Ideally, you don’t leave markup in localized strings. Sometimes it’s unavoidable, to be able to localize correctly and still make it look correct. The examples above are real, from support.mozilla.org....

View Article

By: Wladimir Palant

:0
:0
July 18, 2012, 7:59 am

In these scenarios like this one I give translators a string like “To grob a fobster [link]click here[/link].”. So translators don’t get any markup, merely some markers (that might produce different...

View Article

By: James

:0
:0
July 18, 2012, 8:27 am

It also depends a lot on who your localizers are, and how they access the .po files. At Mozilla, or in open source in general, maybe we should be more cautious, with community localizers. At totally...

View Article

By: ryan

:0
:0
July 18, 2012, 10:11 pm

Your jQuery example doesn’t do the same thing as your DOM example. The equivalent jQuery is: $("", {text: username}).appendTo($("#subhead").empty()); Pedantic, I know.

View Article

By: ryan

:0
:0
July 18, 2012, 10:25 pm

$("<h2>", {text: username}).appendTo($("#subhead").empty()); (It ate the arrow brackets. BTW, a note under the comment form saying that the form supports HTML and what tags are allowed would be...

View Article

By: James

:0
:0
July 18, 2012, 10:30 pm

About the examples: I know. The DOM example is kind of The Wrong Way, because you need to be so much more careful. Your way is much better, if I couldn’t restructure things to put the <h2> tag...

View Article
Browsing latest articles
Browse All 7 View Live
Search

Latest Images

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

April 18, 2024, 11:05 am
Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

April 17, 2024, 6:48 pm
Deepfake Video of Aamir Khan circulates Online

Deepfake Video of Aamir Khan circulates Online

April 17, 2024, 3:07 am
Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

April 14, 2024, 8:14 am
Have you seen Michael Wines? Burien man has been missing since Saturday,...

Have you seen Michael Wines? Burien man has been missing since Saturday,...

April 12, 2024, 3:59 pm
Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

April 11, 2024, 5:27 pm
19 Reader-Favourite March Purchases — From Steals To Splurges

19 Reader-Favourite March Purchases — From Steals To Splurges

April 11, 2024, 5:07 am
Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

April 9, 2024, 4:00 pm
People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm
First Pictures of the Eclipse ! ! !

First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm