12/02/13 19:58:53.68
Your script creates DOM nodes from HTML strings containing unsanitized data, by assigning to innerHTML or through similar means. Aside from being inefficient, this is a major security risk
var parser = document.createElement('div');
parser.innerHTML = x.responseText; // 他のwebサイトのhtml
var t = parser.getElementsByClassName('aa')[0];
↑この部分について代わりの方法教えてもらえないでしょうか