Hello,
as someone relatively new to Javascript and even more so Twitch Extensions, I am currently wondering what the acceptable way of modifying an Extension’s contents is. As the guidelines state:
Do not inject directly into the DOM any data obtained dynamically over AJAX (e.g., JSON is fine, HTML is not).
But if I just take a string from my JSON object and throw that into the mix, it could still contain arbitrary HTML tags, so I’m a bit confused by this line. (Let’s blame it on a language barrier and lack of experience.) Even though I control everything my backend sends out and know for certain there is no way of it containing HTML tags, the Twitch devs won’t, and I feel like it might be rejected due to these guidelines if I just do this:
someDivElement.innerHtml = json.myText;
Because that means if json.myText happens to be, for whatever reason,
<img src=”data:image/png;base64,iVBORw0KGgoAAAA...5ErkJggg==”>
…the viewers could end up with an image of dickbutt (or worse!) in the panel which I feel was supposed to be prevented by this guideline in the first place. Or maybe I just misunderstand the intention of it?
(Sorry, could not resist)
Trying to get around this problem, this is how I currently intend handle it:
window.Twitch.ext.listen('broadcast', function(target, contentType, message) {
//Handle PubSub messages
var json = 0;
try { json = JSON.parse(message); }
catch(ex) { /* do some error handling */ }
upd("titleDiv", json.myTitle); //shortcut function
//do this a few more times for different things
}
//Shortcut function for updating contents
function upd(id, val)
{
//replace "<" and ">"
var safeVal = String(val).replace(/</g, "<").replace(/>/g, ">");
document.getElementById(id).innerHTML = safeVal;
}
Is this a good and acceptable way for handling content updates? Should I do something else instead?
Thanks for your time, any tips on how you guys handle this are most welcome.
Best regards
Matt