Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make safeMsg a module instead of a function parameter #7377

Open
WorldLanguages opened this issue Apr 23, 2024 · 0 comments
Open

Make safeMsg a module instead of a function parameter #7377

WorldLanguages opened this issue Apr 23, 2024 · 0 comments
Labels
scope: addon api Related to the addon.* JS APIs or other ways for addons to provide features scope: addon Related to one or multiple addons scope: core Related to the core script/extension workings type: enhancement New feature for the project
Milestone
Backlog

Comments

@WorldLanguages
Copy link
Member

We would no longer do this.

export default async function ({ addon, console, msg, safeMsg }) {
  element.innerHTML = `<div> ${safeMsg("hello")} </div>`;
  // ...

Instead. we would do this:

import { safeMsgBuilder } from "...";
export default async function ({ addon, console, msg }) {
  const safeMsg = safeMsgBuilder(msg);
  element.innerHTML = `<div> ${safeMsg("hello")} </div>`;
  // ...

The idea is that the module that exposes safeMsgBuilder should clearly show the escaping logic. This may help extension store reviewers determine that our safeMsg function is actually safe.
@WorldLanguages WorldLanguages added type: enhancement New feature for the project scope: addon api Related to the addon.* JS APIs or other ways for addons to provide features scope: addon Related to one or multiple addons scope: core Related to the core script/extension workings labels Apr 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
scope: addon api Related to the addon.* JS APIs or other ways for addons to provide features scope: addon Related to one or multiple addons scope: core Related to the core script/extension workings type: enhancement New feature for the project
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
1 participant
@WorldLanguages