Haven’t been following this closely enough to understand the overhead involved, 
but if it’s not big then retaining backwards compatibility in emulation should 
take priority IMO. For other component sets I wouldn’t say that.

From: Harbs<mailto:harbs.li...@gmail.com>
Sent: Sunday, December 12, 2021 2:12 PM
To: dev@royale.apache.org<mailto:dev@royale.apache.org>
Subject: Re: Sanitizing HTML (was Re: 0.9.9)



> On Dec 12, 2021, at 11:30 AM, Harbs <harbs.li...@gmail.com> wrote:
>
> Spark ButtonBase


I just spent some time looking at this.

It seems like Spark supported styling the button labels which is probably why 
innerHTML is used.

https://stackoverflow.com/questions/15295129/flex-part-of-spark-button-bold-label

So there’s two ways we can handle this:

1. Keep innerHTML, but sanitize the HTML.
2. Change Spark Buttons to only support plain text by default and add an html 
setter to be clear that it’s expecting HTML (which needs to be sanitized).

I like 2 better, but that would not keep perfect backwards compatibility.

Thoughts?

Harbs
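
The two options listed in the message above, sketched side by side as an added example (not code from this thread or from Royale). `SparkLikeButton`, `sanitizeLabelHtml`, `escapeHtml` and the `ALLOWED_TAGS` set are hypothetical names and assumptions, and `element` may be a DOM node or any stand-in object.

```javascript
// Added illustration; none of these names are Royale APIs.
const ALLOWED_TAGS = ['b', 'i', 'u', 'br']; // assumed set of label styling tags

// Escape every HTML metacharacter so the string is inert when used as innerHTML.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Option 1: keep innerHTML, but sanitize. Everything is escaped first, then only
// bare allowlisted tags are restored. A tag carrying attributes never matches
// the pattern, so it stays escaped and is shown as literal text.
function sanitizeLabelHtml(html) {
  const names = ALLOWED_TAGS.join('|');
  const bareTag = new RegExp(`&lt;(/?)(${names})\\s*(/?)&gt;`, 'gi');
  return escapeHtml(html).replace(bareTag, (match, close, name, selfClose) =>
    `<${close}${name.toLowerCase()}${close ? '' : selfClose}>`);
}

// Option 2: plain text by default, with a separate setter that makes the
// expectation of HTML explicit (and still sanitizes it).
class SparkLikeButton {
  constructor(element) {
    this.element = element; // DOM node in a browser, plain object in a test
  }

  // Default path: the label is never parsed as markup.
  set label(value) {
    this.element.textContent = String(value);
  }

  // Opt-in path: the caller states that HTML is expected.
  set html(value) {
    this.element.innerHTML = sanitizeLabelHtml(value);
  }
}
```

Existing callers that pass markup through the plain `label` setter would see the tags rendered as literal text, which is the backwards-compatibility cost raised in the message.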
