alt Hacker Newsit's not at all clear which is which from the names
There's setHTML and setHTMLUnsafe. That seems about as clear as you can get.
Replies
hahn-kev • yesterday at 4:40 PM
But you can use InnerHTML to set HTML and that's not safe.
➕ show 1 reply
it's not at all clear which is which from the names
There's setHTML and setHTMLUnsafe. That seems about as clear as you can get.
But you can use InnerHTML to set HTML and that's not safe.
If that'd been the design from the start, then sure. But it's not at all obvious that setHTML is safe with arbitrary user input (for a given value of "safe") and innerHTML is dangerous.