Make sure translations can only use two HTML tags without any attributes - no custom HTML code in t…

The fact that we currently allow custom HTML code in Chrome translations is a bug, not a feature. The implications of a malicious translation in Chrome are limited, in Firefox it would be an outright security vulnerability however.

[Thomas Greiner, 2013-07-10 08:45:38]

LGTM
one comment but not a necessary change

http://codereview.adblockplus.org/11072062/diff/1/chrome/content/ui/i18n.js
File chrome/content/ui/i18n.js (right):

http://codereview.adblockplus.org/11072062/diff/1/chrome/content/ui/i18n.js#n...
chrome/content/ui/i18n.js:121: node.removeChild(node.lastChild);
node.innerHTML = "";
is increasingly faster the more child nodes a node has but given that those
nodes usually don't have more than one child node it shouldn't matter which
approach we use here

[Wladimir Palant, 2013-07-10 09:07:23]

http://codereview.adblockplus.org/11072062/diff/1/chrome/content/ui/i18n.js
File chrome/content/ui/i18n.js (right):

http://codereview.adblockplus.org/11072062/diff/1/chrome/content/ui/i18n.js#n...
chrome/content/ui/i18n.js:121: node.removeChild(node.lastChild);
I would rather avoid using innerHTML for anything - seeing it used in an
extension is usually a bad sign. In particular, AMO's extension validator will
show a warning if it finds innerHTML somewhere, the reviewers then need to
verify manually that its use if benign.

[Thomas Greiner, 2013-07-10 09:41:43]

http://codereview.adblockplus.org/11072062/diff/1/chrome/content/ui/i18n.js
File chrome/content/ui/i18n.js (right):

http://codereview.adblockplus.org/11072062/diff/1/chrome/content/ui/i18n.js#n...
chrome/content/ui/i18n.js:121: node.removeChild(node.lastChild);
I wasn't aware of that review process. I assume that's not the case for
textContent because it has the same effect if you do
node.textContent = "";