https://bugzilla.wikimedia.org/show_bug.cgi?id=61743

--- Comment #1 from Prateek Saxena <psax...@wikimedia.org> ---
Instances of `.html()` - 

1. In the `createBox` method I do something like:

    $el.html( $el.html() );

Its to refresh the DOM and display the SVG elements (see comments in the
method)  that were added in the `createThumbnail` method. The elements created
there follow [1] and thus are escaped.


2. To create the SVG element that masks the popup to create the triangle I do:

    $svg.html( '<svg width="0" height="0">...</svg>' );

Making this through jQuery methods was becoming to verbose. This a plain string
with no concatenation from anywhere so I guess its safe.


3. There is an i18n string if the page redirects, it needs to read like
"redirects to OtherPage". As in certain languages it could be "OtherPageā€¦" and
not "ā€¦OtherPage", Mark suggested that I add a $1 to it [2]. As I need those
elements to be styled a certain way, the i18n strings will end up having an
<h3> and thus my code looks something like this

    $( '<div>' ).html( mw.message( 'popups-redirects', redirects[ 0 ].to
).text() );

I am not sure if this is safe.

[1]
https://www.mediawiki.org/wiki/Manual:Coding_conventions/JavaScript#Creating_elements
[2] https://gerrit.wikimedia.org/r/#/c/111983/3/Popups.i18n.php

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to