The new .setHTML() method in JavaScript, part of the Sanitizer API, can be a one-to-one replacement for .innerHTML(), making sites more secure from XSS attacks. I think that’s pitch-perfect feature branding from Mozilla on this: Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148. Listen to Frederik Braun go deep into this on ShopTalk […]

Frontend Masters is an online learning platform offering  courses on frontend development technologies such as JavaScript, HTML, CSS, React, and Vue.js. Readers can learn about advanced frontend concepts, best practices, and modern development workflows from industry experts. With video lectures, exercises, and real-world projects, Frontend Masters provides  guidance and expertise for mastering frontend development skills.

Frontend Masters

The new `.setHTML()` method in JavaScript, part of the Sanitizer API, serves as a drop-in replacement for `.innerHTML` with built-in XSS protection. Mozilla introduced this feature in Firefox 148, branding it as a safer alternative. Frederik Braun discusses it in depth on the ShopTalk podcast and shares a recipe to use `setHTML` exclusively, effectively eliminating all DOM-XSS risks.

Goodbye innerHTML, Hello setHTML – Frontend Masters Blog