(developer.mozilla.org)

170 points todsacerdoti | 5 comments | 22 Oct 25 09:03 UTC | HN request time: 0.992s | source

Show context

michalpleban ◴[22 Oct 25 20:38 UTC] No.45674843[source]▶

>>45666497 (OP) #

So is this basically a safe version of innerHTML?

replies(2): >>45674953 #>>45677088 #

intrasight ◴[23 Oct 25 01:10 UTC] No.45677088[source]▶

>>45674843 #

I'm confused as to why you need a "safe" version if you're the one generating and injecting the HTML.

replies(5): >>45677311 #>>45677377 #>>45678388 #>>45678704 #>>45679220 #

1. evbogue ◴[23 Oct 25 01:50 UTC] No.45677311[source]▶

>>45677088 #

Why should a web page only have a single person generating and injecting HTML into it?

replies(2): >>45678210 #>>45678259 #

2. intrasight ◴[23 Oct 25 04:38 UTC] No.45678210[source]▶

>>45677311 (TP) #

A single company. Why would I let another company inject HTML into my page?

replies(1): >>45678306 #

3. intrasight ◴[23 Oct 25 04:52 UTC] No.45678259[source]▶

>>45677311 (TP) #

The analogy doesn't hold markup ;)

Whether I generate a whole page or generate a partial page and then add HTML to it is equivalent from a safety perspective.

4. afavour ◴[23 Oct 25 05:04 UTC] No.45678306[source]▶

>>45678210 #

There's this newfangled concept called social media where you let other people post content that exists on your web site. You're rarely allowed to post HTML because of the associated issues with sanitizing it. setHTML could help with that.

replies(1): >>45678467 #

5. president_zippy ◴[23 Oct 25 05:34 UTC] No.45678467{3}[source]▶

>>45678306 #

I just had a flashback to the heyday of MySpace. Now that I think about it though, Neocities has the "social networking" of being able to discover other people's pages and give each other likes and comments.

Hmmm...

↑

Element: setHTML() method