0

What can I do to make sure my code is secure? My add-on from Mozilla was validated, but apparently this line was unsecure:

if (p.getElementById("bluebarholder"))
  p.getElementById("top").setAttribute('onclick', 'window.open("http://www.facebook.com","_self")');

I don't know what's the issue or how to solve it, as they haven't replied to my message yet.

4

1 Answer

1

This is an example of "eval is evil".
You're passing a string as an event handler, forcing the browser to fire up a JavaScript parser to evaluate the string.

Instead, you should call addEventListener to add a function as a handler.

answered 2012-12-22T23:56:34.713
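The answer's suggestion as a runnable sketch (an added example, not code from the original post): a function handler is attached with addEventListener, so no script string is ever evaluated. The names `attachTopClick`, `makeFakeDocument` and `demo` are hypothetical, and the fake document is a constructed stand-in so the code also runs outside a browser.

```javascript
// Added example: attach a function handler instead of a string attribute.
const TARGET_URL = "http://www.facebook.com"; // URL from the question

// `p` is the content document, as in the question's snippet.
function attachTopClick(p) {
  if (!p.getElementById("bluebarholder")) return false;
  const top = p.getElementById("top");
  if (!top) return false; // assumption: skip quietly when #top is missing
  top.addEventListener("click", function () {
    // The handler is a function object; no string is parsed as script.
    p.defaultView.open(TARGET_URL, "_self");
  }, false);
  return true;
}

// Constructed stand-in for a DOM document (not a real browser API).
function makeFakeDocument(ids) {
  const opened = [];
  const elements = {};
  for (const id of ids) {
    const listeners = {};
    elements[id] = {
      attributes: {},
      setAttribute(name, value) { this.attributes[name] = String(value); },
      addEventListener(type, fn) {
        (listeners[type] = listeners[type] || []).push(fn);
      },
      click() {
        (listeners.click || []).forEach((fn) => fn.call(this, { type: "click" }));
      },
    };
  }
  return {
    opened,
    getElementById: (id) => elements[id] || null,
    defaultView: { open: (url, target) => { opened.push([url, target]); } },
  };
}

// Wire the handler, simulate a click, and report what happened.
function demo() {
  const doc = makeFakeDocument(["bluebarholder", "top"]);
  const attached = attachTopClick(doc);
  const top = doc.getElementById("top");
  top.click();
  return { attached, opened: doc.opened, inlineHandler: "onclick" in top.attributes };
}
```

In the add-on itself only `attachTopClick` is needed; call it with the page's document once the page has loaded.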