monochrome photo of two people having a video call

Goodbye innerHTML, Hello setHTML

Chris Coyier Chris Coyier on

The new .setHTML() method in JavaScript, part of the Sanitizer API, can be a one-to-one replacement for .innerHTML(), making sites more secure from XSS attacks. I think that’s pitch-perfect feature branding from Mozilla on this: Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148.

Listen to Frederik Braun go deep into this on ShopTalk recently and a bonus blog post where he shows the recipe to make only setHTML work “essentially removing all DOM-XSS risks”.

It's time to take your JavaScript to the next level

Frontend Masters logo

Frontend Masters is the best place on the web to really learn JavaScript. We have a complete learning path from the biggest and best teachers in JavaScript to help you make the most out of the web's biggest language. Access 300+ courses with a Frontend Masters subscription and get 20% off today!

  • Personalized Learning
  • Industry-Leading Experts
  • 24 Learning Paths
  • Live Interactive Workshops
20% Off
Start Learning Today →

Leave a Reply

Your email address will not be published. Required fields are marked *

$966,000

Frontend Masters donates to open source projects through thanks.dev and Open Collective, as well as donates to non-profits like The Last Mile, Annie Canons, and Vets Who Code.