Last modified: 2012-12-06 22:28:55 UTC
The following javascript concerns me. I haven't found a way to get xss, but it would be good to rewrite these using element creation and .append() instead of concating and .html(). Is this possible? * ./resources/js/ext.uls.init.js linkClass = 'uls-prevlang-link'; prevLangLink = '<a href="#" lang = "' + previousLang + '" class = "' + linkClass + '" >' + prevLangName + '</a>'; * ./resources/js/ext.uls.displaysettings.js $fontLabel.html( '<strong>' + $.i18n( 'ext-uls-webfonts-select-for', $.uls.data.getAutonym( this.uiLanguage ) ) + '</strong>' + '<div>' + $.i18n( 'ext-uls-webfonts-select-for-ui-info' ) + '</div>' ); $fontLabel.html( '<strong>' + $.i18n( 'ext-uls-webfonts-select-for', $.uls.data.getAutonym( this.contentLanguage ) ) + '</strong>' + '<div>' + $.i18n( 'ext-uls-webfonts-select-for-content-info' ) + '</div>' );
* https://gerrit.wikimedia.org/r/31212 * https://gerrit.wikimedia.org/r/31214
Those both look good. Thanks Niklas!
Both merged.