Code cleanup

Currently, the code in this file does not meet Adarma best practices.

Although the code is not susceptible to XSS because all data is loaded from a constants file, this type of HTML concatenation does not adhere to Adarma code policy.

This file should be restructured in such a way that, even if the data was dynamic, XSS would not be possible. When fixed, there should be no actions like the following:

  • jquery.html(variable)
  • elem.innerHTML = variable
  • elem.outerHTML = variable

(with the exception of jquery.html("string literal"), where absolutely necessary)
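
One way to check a file against the list above, as an added example that is not part of the original issue or the project's code: a heuristic, line-based scanner that flags the three sinks and allows only the `.html("string literal")` exception. The names `findHtmlSinks` and `scanSample` and the sample lines are constructed for illustration.

```javascript
// Heuristic, line-based check for the HTML sinks named in the issue.
// A review aid only: it does not parse JavaScript, so multi-line calls
// and aliased sinks can slip past it.

// elem.innerHTML = x, elem.outerHTML += x (== / === comparisons are ignored)
const ASSIGN_SINK = /\.(innerHTML|outerHTML)\s*\+?=(?!=)/;
// Start of a jQuery-style .html( call
const HTML_CALL = /\.html\(/g;
// Getter form: .html()
const GETTER = /^\s*\)/;
// Exactly one quoted string literal as the only argument
const LITERAL_ONLY = /^\s*(["'])(?:\\.|(?!\1)[^\\])*\1\s*\)/;

function findHtmlSinks(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    const line = i + 1;
    const assign = ASSIGN_SINK.exec(text);
    if (assign) findings.push({ line, sink: assign[1] });
    HTML_CALL.lastIndex = 0;
    let m;
    while ((m = HTML_CALL.exec(text)) !== null) {
      const rest = text.slice(HTML_CALL.lastIndex);
      // Reading markup or writing a fixed literal is permitted by the policy.
      if (GETTER.test(rest) || LITERAL_ONLY.test(rest)) continue;
      findings.push({ line, sink: '.html(non-literal)' });
    }
  });
  return findings;
}

// Constructed sample input, not taken from the repository.
const SAMPLE = [
  'const row = "<td>" + item.name + "</td>";',
  '$("#list").html(row);',
  'panel.innerHTML = row;',
  'card.outerHTML = row;',
  '$("#spacer").html("<hr>");',
  'const current = $("#list").html();',
  '$("#title").html("<b>" + item.name + "</b>");',
  '$("#name").text(item.name);',
  'if (panel.innerHTML === "") { panel.textContent = item.name; }',
].join('\n');

function scanSample() {
  return findHtmlSinks(SAMPLE);
}
```

Lines 2, 3, 4 and 7 of the sample are reported; the literal-only call, the getter, `.text()` and the `===` comparison are not.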
