Y
Hacker News
new
|
ask
|
show
|
jobs
by
entuno
121 days ago
If that'd been the design from the start, then sure. But it's not at all obvious that setHTML is safe with arbitrary user input (for a given value of "safe") and innerHTML is dangerous.