Re: A perfect DOM sandbox

> This stuff is really nice and the ff4/3.6. How would you read the data back 
> in order to add it to the DOM? Since we can't trust innerHTML or DOM styles :(

I'm not sure I understand your requirements.
Once the raw data is parsed, you've got a valid DOM which you can 
walk/filter/whatever by using the usual DOM / XPath stuff.
Even the innerHTML output is now rebuilt from the DOM and thus "normalized" 
(e.g. you get double quotes around every attribute, invalid characters inside 
tags are removed and so on).

What am I missing? (sorry if I'm actually missing anything obvious, since I'm 
late in this thread).
-- G

gaz Heyes wrote, On 17/02/2011 12.19:
> On 16 February 2011 23:02, Giorgio Maone <g.maone@informaction.com 
> <mailto:g.maone@informaction.com>> wrote:
>
>     Actually impl.createHTMLDocument() returns a document including head and
>     body elements, so you can just do
>
>     body = document.implementation.createHTMLDocument().body;
>
>     body.innerHTML = "<img src=x onload=alert(1) onerror=alert(1)>";
>     alert(body.innerHTML);
>
>
> This stuff is really nice and the ff4/3.6. How would you read the data back 
> in order to add it to the DOM? Since we can't trust innerHTML or DOM styles :(

Received on Thursday, 17 February 2011 14:12:05 UTC
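One way to do what the reply describes, as an added example that is not code from the thread: parse the untrusted markup in the inert document returned by `document.implementation.createHTMLDocument()`, walk the resulting DOM against an allowlist, and import only the approved nodes into the live page. The allowlists, `isSafeUrl`, `isAllowedAttr`, `sanitizeHtml` and `copyAllowed` are this example's own names, not anything the thread proposes.

```javascript
// Added example (not from the thread): untrusted HTML is parsed in an inert
// document created by createHTMLDocument(); that document has no browsing
// context, so scripts and event handlers in it never run. We then walk the
// parsed DOM with an allowlist and copy only approved nodes into a fresh
// element that belongs to the live document.

const ALLOWED_TAGS = new Set(["P", "B", "I", "EM", "STRONG", "A", "UL", "OL", "LI", "BR"]);
const ALLOWED_ATTRS = { A: new Set(["href", "title"]) };

// Pure helper: accept relative and http(s) URLs only. Whitespace and control
// characters are stripped first so obfuscated schemes are still rejected.
function isSafeUrl(value) {
  const v = value.replace(/[\u0000-\u0020]/g, "").toLowerCase();
  const m = v.match(/^([a-z][a-z0-9+.-]*):/);
  return m === null || m[1] === "http" || m[1] === "https";
}

// Pure helper: may attribute `name`=`value` stay on an element with `tag`?
// Event-handler attributes (on*) are never kept, whatever the tag.
function isAllowedAttr(tag, name, value) {
  const n = name.toLowerCase();
  if (n.startsWith("on")) return false;
  const allowed = ALLOWED_ATTRS[tag];
  if (!allowed || !allowed.has(n)) return false;
  return n === "href" ? isSafeUrl(value) : true;
}

// Parse `untrusted` in an inert document and return a <div> owned by
// `targetDoc` (the live document by default) holding an allowlisted copy.
function sanitizeHtml(untrusted, targetDoc = document) {
  const inert = targetDoc.implementation.createHTMLDocument("");
  inert.body.innerHTML = untrusted;            // parsed here, never executed
  const out = targetDoc.createElement("div");
  copyAllowed(inert.body, out, targetDoc);
  return out;                                  // appendChild(out); no innerHTML
}

function copyAllowed(src, dst, targetDoc) {
  for (const node of src.childNodes) {
    if (node.nodeType === 3) {                 // TEXT_NODE: inserted as text only
      dst.appendChild(targetDoc.createTextNode(node.data));
    } else if (node.nodeType === 1 && ALLOWED_TAGS.has(node.tagName)) {
      const el = targetDoc.createElement(node.tagName);
      for (const { name, value } of node.attributes) {
        if (isAllowedAttr(node.tagName, name, value)) el.setAttribute(name, value);
      }
      copyAllowed(node, el, targetDoc);        // recurse into the children
      dst.appendChild(el);
    }
    // Everything else (script, style, img, comments, unknown tags) is dropped
    // together with its contents.
  }
}
```

Because the nodes are rebuilt with `createElement`/`createTextNode` rather than re-serialized through `innerHTML`, the live page only ever receives what the allowlist explicitly approved.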