> you can already do sanitation by writing a function to check input before passing it to innerHTML
This is like saying C is memory safe as long as your code doesn't have any bugs.
More saliently, it does not consider parser differentials.
> you can already do sanitation by writing a function to check input before passing it to innerHTML
This is like saying C is memory safe as long as your code doesn't have any bugs.
More saliently, it does not consider parser differentials.