[BUG] Consider removing innerHTML usage

Expected Behavior

Firefox addons being accepted without warnings around Chart.js.

Current Behavior

Submitting an addon to the Firefox store gives:

Unsafe assignment to innerHTML

Warning: Due to both security….

When searching through master, I get one offending line:

resizer.innerHTML =
‘<div class=”‘ + cls + ‘-expand” style=”‘ + style + ‘”>’ +
‘<div style=”‘ +
‘position:absolute;’ +
‘width:’ + maxSize + ‘px;’ +
‘height:’ + maxSize + ‘px;’ +
‘left:0;’ +
‘top:0″>’ +
‘</div>’ +
‘</div>’ +
‘<div class=”‘ + cls + ‘-shrink” style=”‘ + style + ‘”>’ +
‘<div style=”‘ +
‘position:absolute;’ +
‘width:200%%;’ +
‘height:200%%;’ +
‘left:0; ‘ +
‘top:0″>’ +
‘</div>’ +
‘</div>’;

At first glance this seems to be the same usage in the minified build.

Possible Solution

Unsure, but perhaps there’s another way to do the same thing in that line?

Steps to Reproduce (for bugs)

  1. Follow the Firefox addon submission wizard for an addon that includes Chart.min.js as a content_script

Context

Reviews of such addons tend to take longer, or the addon might even be rejected based on this.

Environment

  • Chart.js version: 2.7.3
  • Browser name and version: n/a
  • Link to your project: n/a

Author: Fantashit

1 thought on “[BUG] Consider removing innerHTML usage

  1. You could use document.createElement, appendChild, etc. to create the dom structure without using innerHTML. Feel free to send a PR

Comments are closed.