- Iggyhopper
Posted by: dazarobbo
Posted by: Iggyhopper
regex + innerHTML is bad. NOOOOOOOOOoooooooooooo

Ordinarily I'd agree, however:
- If it's a performance issue, then with large strings and 0 or more quantifiers I can see how. In this case it isn't. All we're doing is replacing a very small string.
- If it's a security issue by way of XSS or something (like what David was saying), then, again, ordinarily that would be an issue. Here we're not even touching any HTML entities and this particular regex is able to get to everything. I concede that if it were a JavaScript string literal within a script itself in the HTML, then it would be an issue.
- If it's a general concern that you should use a DOM parser and go modify the textContent value (again, as David was saying) rather than regex-ing straight HTML, that's open to debate (see the multiple arguments on Stack Overflow for reference). Generally I would agree and go with the DOM (as I usually do with parsing HTML in PHP), but I think most of us here know the bungie.net HTML pretty well, so again, I don't think it's of great concern.

But editing innerHTML breaks event listeners of affected elements, which is the whole page. It could break other scripts depending on when it executes.
I just tried it. It broke the search bar. The nav bar is fine though.
So, you would need to cycle through the posts, and use replace only in the <p> tag.
pseudo code
for (const element of document.getElementsByTagName('p')) {
    // Rewrites (and reparses) only this paragraph's HTML, not the whole page.
    element.innerHTML = element.innerHTML.replace('blah', 'blah');
}
That will minimize collateral damage if there is any, but you're still using innerHTML.
[Edited on 09.29.2011 7:00 AM PDT]
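
The textContent-style alternative mentioned in the thread, as an added example that is not code from either poster: the replacement is applied to text nodes only, so no HTML is re-parsed, existing elements keep their event listeners, and script bodies are skipped. The function name, the skip list and the plain-object stand-ins for DOM nodes are assumptions made for this example.

```javascript
// Added example: edit text nodes only. No HTML is re-parsed, so elements
// (and the event listeners attached to them) are never recreated.
const TEXT_NODE = 3;
const SKIP = new Set(['SCRIPT', 'STYLE', 'TEXTAREA']); // never rewrite code or form input

function replaceInTextNodes(root, pattern, replacement) {
  let changed = 0;
  const stack = [root];
  while (stack.length > 0) {
    const node = stack.pop();
    if (node.nodeType === TEXT_NODE) {
      const next = node.nodeValue.replace(pattern, replacement);
      if (next !== node.nodeValue) {
        node.nodeValue = next; // assigned as text, never parsed as markup
        changed += 1;
      }
    } else if (node.childNodes && !SKIP.has(node.tagName)) {
      for (const child of node.childNodes) stack.push(child);
    }
  }
  return changed;
}

// Constructed stand-ins for DOM nodes so the function also runs outside a browser.
const text = (value) => ({ nodeType: TEXT_NODE, nodeValue: value, childNodes: [] });
const el = (tagName, ...childNodes) => ({ nodeType: 1, tagName, childNodes });

function demo() {
  const searchBox = el('INPUT'); // imagine a keyup listener attached here
  const post = el('P', text('blah and '), el('B', text('blah')));
  const script = el('SCRIPT', text('var s = "blah";'));
  const page = el('BODY', searchBox, post, script);
  // The replacement contains markup on purpose: it ends up as literal text.
  const changed = replaceInTextNodes(page, /blah/g, '<i>x</i>');
  return { changed, page, searchBox, post, script };
}

// In a browser: replaceInTextNodes(document.body, /blah/g, 'replacement');
```

Because the new string is written to `nodeValue`, any markup in it is displayed as text rather than interpreted, which is the XSS-relevant difference from assigning to `innerHTML`.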