Ideally you should be able to set a global property somewhere (as a web developer) that disallows outdated APIs like `innerHTML`, but with the Big Caveat that your website will not work on browsers older than X. But maybe there's web standards for that already, backup content if a browser is considered outdated.
It's not an "outdated API". It's still good for what it was always meant for: parsing trusted, application-generated markup and atomically inserting it into the content tree as a replacement for a given element's existing children.
> set a global property somewhere (as a web developer) that disallows[…] `innerHTML`
(Not that you should actually do this—anyone who has to resort to it in their codebase has deeper problems.)Doesn't using TrustedTypes basically do that? I'm not really web-y, someone please correct me if I'm off.
Yup, this is basically what TrustedTypes is for!
I like the idea of that. But I imagine linting rules are a much more immediate answer in a lot of projects.