alt Hacker NewsIdeally you should be able to set a global property somewhere (as a web developer) that disallows outdated APIs like `innerHTML`, but with the Big Caveat that your website will not work on browsers older than X. But maybe there's web standards for that already, backup content if a browser is considered outdated.
Replies
staticassertion • yesterday at 3:52 PM
Doesn't using TrustedTypes basically do that? I'm not really web-y, someone please correct me if I'm off.
➕ show 1 reply
afavour • yesterday at 3:44 PM
I like the idea of that. But I imagine linting rules are a much more immediate answer in a lot of projects.
It's not an "outdated API". It's still good for what it was always meant for: parsing trusted, application-generated markup and atomically inserting it into the content tree as a replacement for a given element's existing children.
> set a global property somewhere (as a web developer) that disallows[…] `innerHTML`
(Not that you should actually do this—anyone who has to resort to it in their codebase has deeper problems.)