We've been using a CSP policy inserted via a DOM meta tag after load time to prevent XSS via innerHTML. It effectively makes all calls to innerHTML equivalent to toStaticHTMLReceived on Tuesday, 30 April 2013 18:59:28 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC