Use the innerText property

From Guidance Share

Jump to: navigation, search

- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

If you create a page with untrusted input, use the innerText property instead of innerHTML. The innerText property renders content safe and ensures that script is not executed.

References

Personal tools