←back to thread

Element: setHTML() method

(developer.mozilla.org)
205 points todsacerdoti | 1 comments | 22 Oct 25 09:03 UTC | HN request time: 0.201s | source
Show context
michalpleban ◴[22 Oct 25 20:38 UTC] No.45674843[source]
So is this basically a safe version of innerHTML?
replies(2): >>45674953 #>>45677088 #
intrasight ◴[23 Oct 25 01:10 UTC] No.45677088[source]
I'm confused as to why you need a "safe" version if you're the one generating and injecting the HTML.
replies(6): >>45677311 #>>45677377 #>>45678388 #>>45678704 #>>45679220 #>>45679443 #
1. halapro ◴[23 Oct 25 06:10 UTC] No.45678704[source]
If you generate it from completely static and known values, have at it.

If you include user-provided data, then you should sanitize it for HTML.