Use innerText instead of innerHTML to discourage XSS risks

Roberto Clapis (@empijei) pointed out to me that using innerHTML for unformatted text is bad practice, so I've switched to using innerText and SetTextContent instead.
2025-01-18 04:03:21 -08:00 · 2018-08-17 10:26:43 +01:00
parent 31e31e865c
commit e481a67ae8
4 changed files with 3 additions and 3 deletions
--- a/js/main.go
+++ b/js/main.go
@@ -14,7 +14,7 @@ func main() {
 	div := document.Call("getElementById", "target")

 	node := document.Call("createElement", "div")
-	node.Set("innerHTML", "Hello World")
+	node.Set("innerText", "Hello World")

 	div.Call("appendChild", node)
 }