On Friday, April 12, 2013 4:35:13 PM UTC+2, Vivien wrote: > On 12/04/2013 15:03, Gabriele Svelto wrote: > > > Hi all, > > > > > > > tl;dr innerHTML is still slow and makes security reviews harder for us. > > >> Please use DOM methods like document.createElement(). My tool might help > > >> you [4]. Track your efforts as blockers against this bug [5]. > > > > > > I didn't have the chance to read your mail earlier and I feel sorry > > > for actually recommending in the past the use of innerHTML as a valid > > > way to defer the parsing of large invisible portions of an application. > > > > > > In fact our FxOS performance page on MDN still recommends it as a > > > startup performance tip! > > > > > > https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Performance#Startup_performance > > > > > > > > > > > I think it would be a good idea to update that part of the page with > > > your suggestions and add a link to your html2dom tool. > > > > > > Gabriele > > > > I feel like we need some real numbers taken on the device before > > recommending anything. > > > _______________________________________________ > > > dev-gaia mailing list > > > [email protected] > > > https://lists.mozilla.org/listinfo/dev-gaia
Well, I think that from a security standpoint we should avoid innerHTML in all cases where there is input involved. _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
