我该怎么做才能验证我的代码错误
[英]What can I do to validate my code error
问题描述
What can I do to make sure my code is secure? 
我该怎么做才能确保我的代码安全? My add-on from Mozilla was validated, but apparently this line was unsecure: 我的Mozilla附加组件已通过验证,但显然这行是不安全的:
if (p.getElementById("bluebarholder"))
p.getElementById("top").setAttribute('onclick', 'window.open("http://www.facebook.com","_self")');
I don't know whats the issue or how to solve it as they haven't replied to my message yet. 我不知道问题是什么或如何解决,因为他们尚未回复我的消息。
1 个解决方案
解决方案1
1 已采纳 2012-12-22 23:56:34
This is an example of "eval is evil". 这是“以恶为恶”的一个例子。
You're passing a string as an event handler, forcing the browser to fire up a Javascript parser to evaluate the string. 您正在将字符串作为事件处理程序传递,从而迫使浏览器启动Javascript解析器来评估该字符串。
Instead, you should call addEventListener to add a function as a handler. 相反,您应该调用addEventListener将函数添加为处理程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.