JS: adding new dom nodes by adding html markup to the innerHTML property as string...
It's either dumb or a genius move.

  • 2
    There was once a time document.write()
    was used for every line of HTML.

    JS devs are still psychopaths, they've just try and hide it with layers of abstraction.
  • 0
    @C0D4 i remember those document.write() times 😅
  • 0
  • 0
    Genius unless you’re stupid
  • 0
    why would that be dumb though?
  • 1
    @theabbie unsanitized user inputs and other hijacking possibilities
  • 1
    @example-user That depends on Developer how he implements that, there is document.appendChild() and all those functions, just because an easier way exists doesn't mean it's bad. It would be dumb to just add string from unreliable source directly into HTML.
  • 1
    @example-user you can still sanitize input for DOM elements added this way with delegate functions.
  • 1
    it's mosty much less hassle than adding literally any dom hierarchy (unless it's highly procedurally generated) via the proper dom manipulation functions.

    the only api which i ever saw get it right (and, OH, HOW VERY RIGHT <3) is the XDocument library in .NET.
Add Comment