Thursday, October 23, 2025
All the Bits Fit to Print
Overview of the setHTML() method for safe HTML parsing and insertion
A new method called setHTML() offers a safer way to insert HTML into web pages by sanitizing input to prevent cross-site scripting (XSS) attacks. It aims to replace risky uses of innerHTML by automatically removing unsafe elements and attributes from inserted HTML strings.
Why it matters: setHTML() improves web security by preventing XSS vulnerabilities when dynamically injecting HTML content.
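The pattern the article describes, as an added example that is not code from the article or from any browser vendor: feature-detect setHTML(), hand it an element allowlist via the sanitizer option, and on browsers that lack it fall back to textContent rather than innerHTML. The `{ sanitizer: { elements: [...] } }` option shape is an assumption about the current Sanitizer API draft; the hypothetical `#comments` target and the sample comment are constructed for the example.

```javascript
// Added example; assumes el.setHTML(html, { sanitizer: { elements: [...] } })
// is the option shape (an assumption about the current Sanitizer API draft).

// Constructed sample: an untrusted comment carrying two classic XSS vectors.
const UNTRUSTED_COMMENT =
  '<p>Nice post, <b>thanks</b>!</p>' +
  '<img src="x" onerror="alert(document.cookie)">' +
  '<script>alert(1)</script>';

// Feature detection: only some browsers ship setHTML() today.
function supportsSetHTML(el) {
  return typeof el.setHTML === 'function';
}

// Render untrusted markup into `el`.
// - With setHTML(): the browser parses and sanitizes. XSS-unsafe elements and
//   attributes (script, inline event handlers, ...) are dropped even when the
//   allowlist names them, which is the restriction the article mentions.
// - Without it: never fall back to innerHTML. Showing the raw string as text
//   loses formatting but cannot execute anything.
function renderUntrusted(el, html, allowedElements) {
  if (supportsSetHTML(el)) {
    const options = allowedElements
      ? { sanitizer: { elements: allowedElements } }
      : {};
    el.setHTML(html, options);
    return 'sanitized';
  }
  el.textContent = html;
  return 'text-only';
}

// Browser usage, guarded so the module also loads outside a browser.
// `#comments` is a hypothetical target element.
if (typeof document !== 'undefined') {
  const target = document.querySelector('#comments');
  if (target) renderUntrusted(target, UNTRUSTED_COMMENT, ['p', 'b', 'a']);
}
```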
The big picture: The method is still experimental and supported in only some browsers, so adoption is at an early stage; wider support is expected later.
The other side: Some developers find the API restrictive since it strips even explicitly allowed unsafe elements like