https://bugzilla.wikimedia.org/show_bug.cgi?id=61743
--- Comment #1 from Prateek Saxena <[email protected]> --- Instances of `.html()` - 1. In the `createBox` method I do something like: $el.html( $el.html() ); Its to refresh the DOM and display the SVG elements (see comments in the method) that were added in the `createThumbnail` method. The elements created there follow [1] and thus are escaped. 2. To create the SVG element that masks the popup to create the triangle I do: $svg.html( '<svg width="0" height="0">...</svg>' ); Making this through jQuery methods was becoming to verbose. This a plain string with no concatenation from anywhere so I guess its safe. 3. There is an i18n string if the page redirects, it needs to read like "redirects to OtherPage". As in certain languages it could be "OtherPageā¦" and not "ā¦OtherPage", Mark suggested that I add a $1 to it [2]. As I need those elements to be styled a certain way, the i18n strings will end up having an <h3> and thus my code looks something like this $( '<div>' ).html( mw.message( 'popups-redirects', redirects[ 0 ].to ).text() ); I am not sure if this is safe. [1] https://www.mediawiki.org/wiki/Manual:Coding_conventions/JavaScript#Creating_elements [2] https://gerrit.wikimedia.org/r/#/c/111983/3/Popups.i18n.php -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
