by DoctorOW
109 days ago
They do link the default configuration for "safe": https://wicg.github.io/sanitizer-api/#built-in-safe-default-... But I agree, my default approach has usually been to only use innerText if it has untrusted content. So if their demo is this:

    container.setHTML(`<h1>Hello, ${name}</h1>`);

Mine would be:

    let greetingHeader = document.createElement("h1");
    greetingHeader.innerText = `Hello, ${name}`;
    container.appendChild(greetingHeader);

Edit: I don't mean this flippantly. If I want to render, say, my blog entry on your site, will I need to select every markup element from a dropdown list of custom elements that only accept text a la Wordpress?
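
The two cases raised in the comments above, a text-only slot and a slot that has to accept untrusted markup such as a blog entry, as an added example that is not code from the thread or from the Sanitizer API project. The helper names `renderGreeting` and `renderUntrustedHtml` are hypothetical, and `textContent` is used here in place of the comment's `innerText` (both assign the value as text rather than parsing it).

```javascript
// Added example; helper names are hypothetical, not part of any API.

// Text-only slot: the untrusted value is assigned as text, so it is
// never handed to the HTML parser and "<" stays a literal character.
function renderGreeting(doc, container, name) {
  const h1 = doc.createElement("h1");
  h1.textContent = `Hello, ${name}`;
  container.replaceChildren(h1);
  return h1;
}

// Rich slot (for example a blog entry that legitimately carries markup):
// hand the string to Element.setHTML(), which parses and sanitizes it
// with the built-in safe default configuration.
// Where setHTML is unavailable, fail closed to plain text instead of
// falling back to innerHTML.
function renderUntrustedHtml(container, html) {
  if (typeof container.setHTML === "function") {
    container.setHTML(html);
    return "sanitized";
  }
  container.textContent = html; // markup is displayed, not interpreted
  return "text";
}
```

Note that interpolating `name` into the string passed to `setHTML` still lets the value contribute whatever elements the safe configuration allows, which is why the text-only path stays separate.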