- CrazzySnipe55
- |
- Fabled Legendary Member
Posted by: the panzie man
Posted by: dazarobbo
Posted by: Iggyhopper
regex + innerHTML is bad. NOOOOOOOOOooooooooooooOrdinarily I'd agree, however:
- If it's a performance issue, then with large strings and 0 or more quantifiers I can see how. In this case it isn't. All were doing is replacing a very small string.
- If it's a security issue by way of XSS or something (like what David was saying), then, again, ordinarily that would be an issue. Here we're not even touching any HTML entities and this particular regex is able to get to everything. I concede that if it were a Javascript string literal within a script itself in the HTML, then it would be an issue.
- If it's a general concern that you should use a DOM parser and go modify the textContent value (again, as David was saying) rather than regex-ing straight HTML, that's open to debate (see the multiple arguments of stackoverflow for reference). Generally I would agree and go with the DOM (as I usually do with parsing HTML in PHP), but I think most of us here know the bungie.net HTML pretty well, so again, I don't think it's of great concern.
This post makes me happy I don't understand it.
I must never learn.
[Edited on 09.28.2011 9:09 PM PDT]