
Element: setHTML() method

(developer.mozilla.org)
248 points todsacerdoti | 1 comments
michalpleban ◴[] No.45674843[source]
So is this basically a safe version of innerHTML?
Octoth0rpe ◴[] No.45674953[source]
Yes, although a slightly more relevant way of putting it would be that it's an inbuilt DOMPurify (DOMPurify being an npm package commonly used to sanitize HTML before injecting it).
ngold ◴[] No.45678500[source]
Is this basically doing the same thing as HTTPS now? But for HTTP, and Firefox just never implemented a simple fix for its entire existence until now?

I obviously know nothing about this, but I still find it fascinating. Or am I off my block?

1. bilekas ◴[] No.45679659[source]
XSS isn't related to HTTPS/SSL. SSL is the secure connection between you and the server, but XSS is the injection of data into the site which will be executed in your browser in this case. The connection isn't relevant.

https://developer.mozilla.org/en-US/docs/Web/Security/Attack...
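
Added example, not part of the thread and not code from MDN or DOMPurify: a small helper that picks the safest available sink for untrusted markup, using `setHTML()` where the browser provides it. The helper name `insertUntrustedHTML`, its return labels and the `sanitizeFallback` parameter are assumptions of this example, and the sample payload is constructed.

```javascript
// Constructed sample of untrusted input: an event-handler attribute that
// would run script if assigned to innerHTML unsanitized.
const SAMPLE_UNTRUSTED = '<p>hello</p><img src="x" onerror="alert(1)">';

// Insert untrusted markup into `target` with the safest sink available.
// Returns a label naming the sink that was used, so callers can log it.
//   target           - an Element (anything exposing the same properties)
//   untrusted        - attacker-influenced HTML string
//   sanitizeFallback - optional string -> string sanitizer for browsers
//                      without setHTML(), e.g. DOMPurify.sanitize
//                      (hypothetical parameter of this example)
function insertUntrustedHTML(target, untrusted, sanitizeFallback) {
  const markup = String(untrusted);

  if (typeof target.setHTML === "function") {
    // Built-in sanitizing sink: the browser parses the string and drops
    // script-executing elements and attributes before insertion.
    target.setHTML(markup);
    return "setHTML";
  }

  if (typeof sanitizeFallback === "function") {
    // Older browser: sanitize first, then use the unsafe sink.
    target.innerHTML = sanitizeFallback(markup);
    return "sanitized-innerHTML";
  }

  // No sanitizer at all: never fall through to raw innerHTML.
  // Render the markup as inert text instead.
  target.textContent = markup;
  return "textContent";
}

// In a browser:
//   insertUntrustedHTML(document.querySelector("#comment"), SAMPLE_UNTRUSTED);
```

The helper behaves the same whether the page was loaded over HTTP or HTTPS, since the sink it selects is what decides whether injected markup can execute.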