Skip to content

no-inner-html.md

Latest commit

 

History

History
31 lines (20 loc) · 702 Bytes

no-inner-html.md

File metadata and controls

31 lines (20 loc) · 702 Bytes

Disallow Element.prototype.innerHTML in favor of Element.prototype.textContent (github/no-inner-html)

💼 This rule is enabled in the 🔍 browser config.

Rule Details

Using innerHTML poses a potential security risk. Prefer using textContent to set text to an element.

https://github.com/github/paste-markdown/security/advisories/GHSA-gpfj-4j6g-c4w9

👎 Examples of incorrect code for this rule:

function setContent(element, content) {
  element.innerHTML = content
}

👍 Examples of correct code for this rule:

function setContent(element, content) {
  element.textContent = content
}

Version

4.3.2