New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rule proposal: prefer `getHTML`/`setHTML` to `.innerHTML` #2347

Open

fregante opened this issue May 9, 2024 · 2 comments

Labels

evaluating new rule

Collaborator

fregante commented May 9, 2024 •

edited

Description

See context for the Sanitizer API in https://fullystacked.net/innerhtml-alternatives/

Fail

main.innerHTML = '<h2>Mambo Nº2</h2>'

console.log(main.innerHTML);

Pass

main.setHTML('<h2>Mambo Nº2</h2>')

console.log(main.getHTML());

Related

Expand prefer-dom-node-text-content against .innerHTML or implement no-inner-html rule #1405

The text was updated successfully, but these errors were encountered:

fregante added evaluating new rule labels

Contributor

DEVTomatoCake commented May 11, 2024 •

edited

According to MDN all major browsers removed support for <Element>.setHTML() (though not <Element>.getHTML()) again, according to Can I use it's available in about 5% of browsers. It's still in the spec, however that doesn't help if all users should be able to use your website.

Why would you prefer something which breaks the site for most users, especially on recent browser releases, with no apparent benefits by itself (if you don't use sanitizers), over something which has been working since many years?

Collaborator Author

fregante commented May 11, 2024

The linked article has more info on why. The rule might take years to be added and even then it could be left disabled by default until Chrome implements it again. Browsers are quick to update nowadays

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment