10 biggest JS pitfalls

gaz Heyes gazheyes at gmail.com
Sun Dec 30 14:06:53 PST 2012


I'd say String.replace needs to be there:
http://blog.mindedsecurity.com/2010/09/twitter-domxss-wrong-fix-and-something.html
http://www.thespanner.co.uk/2010/09/27/string-replace-javascript-bad-design/

Also the fact that no built-in HTML encode/decode exists.
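
Two documented String.prototype.replace behaviours that trip up sanitizing code, alongside a hand-written HTML encoder of the kind the missing built-in forces people to write. This is an added example, not part of the original message; the function names, template and inputs are constructed for illustration.

```javascript
// Added example: function names and sample inputs are constructed.

// Pitfall 1: with a string pattern, replace() changes only the FIRST match,
// so this "escaper" leaves later angle brackets untouched.
function escapeFirstOnly(s) {
  return s.replace("<", "&lt;").replace(">", "&gt;");
}

// With no built-in HTML encoder, a hand-written one needs a global regex.
// A function replacer is used so the output is inserted literally.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Pitfall 2: in a replacement STRING, "$&", "$`" and "$'" expand to the
// match, the text before it and the text after it, even when the value
// was HTML-escaped first (none of those characters need escaping).
function fillUnsafe(template, value) {
  return template.replace("{{name}}", escapeHtml(value));
}

// Passing a function makes replace() insert the returned value verbatim.
function fillSafe(template, value) {
  return template.replace("{{name}}", () => escapeHtml(value));
}

const TEMPLATE = '<p title="{{name}}">hi</p>'; // constructed sample

console.log(escapeFirstOnly("<b>x</b>")); // closing tag survives
console.log(escapeHtml("<b>x</b>"));      // every bracket encoded
console.log(fillUnsafe(TEMPLATE, "$`"));  // template prefix copied into the attribute
console.log(fillSafe(TEMPLATE, "$`"));    // value kept as literal text
```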