My question is about safe innerHTML assignment inside content scripts in Electrolysis. First of all, I apologize if it is not the best place to ask this type of question or if it was answered before (which I missed in my googling) - in this case please let me know what would be a better place…
With Electrolysis release coming in January, we are trying to make our [overlay-based] add-on compatible with it ASAP. We are mostly done [functionally] as far as making our add-on work on “nightly” [Electrolysis] Firefox. One sticky place that we are unsure how to proceed is how to transform our markup builder code within our add-on (as that markup is based on the info we get from our server). Originally we built markup using JQuery’s html() function or direct innerHtml assignment. When reviewer asked us to modify that as unsafe we started using Components.interfaces.nsIScriptableUnescapeHTML.
Well, now in Electrolysis nsIScriptableUnescapeHTML seems to be unavailable to the content scripts. So what can we do to quickly rectify this situation? [We can certainly build the markup within the background code, but the process is somewhat incremental and making frequent calls to go back and forth between content script and background is probably not too efficient…] What’s the alternative to using nsIScriptableUnescapeHTML for safe markup creation inside content script under Electrolysis?