My application dynamically builds HTML content as a string and when finished the content is being attached to the DOM. In WinJS however this throws exceptions once I try to
This is because of security concerns about inserting random bits of HTML into the document, and potentially allowing unsafe code to execute inside a protected context (your app, with full access to the WinRT, and users documents).
toStaticHtml
is intended to remain 'secure' in the case of evolving HTML/web patterns so it is a whitelist rather than a blacklist.
Given your challenge that you have here I see the following options:
msExecUnsafeLocalFunction
(see below). This means for the life of that call, all Dom insertions will be fine. This doesn't require a change to jquery, just your code.msExecUnsafeLocalFunction
WinJS.Binding.Template
to render your content rather than Jquery. This clones the nodes rather than stringifying the HTMLsetAttribute
after the safe node is inserted.Example usage of msExecUnsafeLocalFunction:
MSApp.execUnsafeLocalFunction(function() {
$('#container').html(html);
});