Hi, I used a frontend framework (Svelte) to make an add-on. When I tried submitting my add-on, I got the warning, Unsafe assignment to innerHTML.
Do I have to address/fix the warning? If so, how can I do it, since Svelte compiled and generated the code for the add-on. Or do I not have to fix it because the add-on code was generated by Svelte?
I really appreciate any help anyone can provide. Thanks!
I don’t think it’s fixable. It’s just how the framework works. I have the same issue with my Vue based addons, but no reviewer ever complained about those.
If I remember correctly, it’s also allowed if you can easily guarantee that the content is sanitized. I think the libraries should guarantee that, so it should be OK.
See also: https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML#security_considerations
And some official discussion from few years back:
Ok, good to know and thanks a lot for clarifying!