it's not at all clear which is which from the names
There's setHTML and setHTMLUnsafe. That seems about as clear as you can get.
it's not at all clear which is which from the names
There's setHTML and setHTMLUnsafe. That seems about as clear as you can get.
If that'd been the design from the start, then sure. But it's not at all obvious that setHTML is safe with arbitrary user input (for a given value of "safe") and innerHTML is dangerous.
But you can use InnerHTML to set HTML and that's not safe.
At this point that API has been around for decades and is probably impossible to deprecate without breaking fairly large amounts of the web. The only option is to introduce a new and better API, and maybe eventually have the browser throw out console warnings if a page still uses the old innerHTML API. I doubt any browser vendor will be gung ho enough to actually remove it for a very long time.