using textContent instead of innerHTML #3

Open
bobbysebolao opened this issue Mar 4, 2020 · 0 comments

bobbysebolao commented Mar 4, 2020

On line 40 of calculator.js, you're right about it being preferable not to use innerHTML:

inputDisplay.innerHTML = "input"; //shouldn't use innerHTML

You can use textContent instead:

inputDisplay.textContent = "input"; //shouldn't use innerHTML

One reason not to use the innerHTML method is that it parses content as HTML. This means that a web browser running your code will try to read any HTML tags that are in the string you assign as the innerHTML value. The reason why this is bad is that it leaves your website vulnerable to cross-site scripting (XSS) attacks - someone could insert an unauthorised <script> tag into your code and use it to do evil things.

textContent parses strings as plaintext, so it doesn't come with this risk.

Here's an article that talks more about what cross-site scripting is.

@bobbysebolao bobbysebolao changed the title use textContent instead of innerHTML using textContent instead of innerHTML Mar 5, 2020
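
Added example, not part of the issue or the project's code: a small Node.js review aid that flags assignments to `innerHTML`/`outerHTML` in source text and separates plain string literals (where `textContent` is a drop-in replacement, as in the line discussed in the comment) from values that need a closer look. The function name `findHtmlSinks`, the verdict strings and the sample lines are assumptions constructed for illustration.

```javascript
// Added example: flag assignments to HTML-parsing DOM properties in JS source.
// Regex-based on purpose (no dependencies); it is a review aid, not a parser.
const SINK = /\.(innerHTML|outerHTML)\s*(\+?=)(?!=)\s*(.*)$/;
// A single quoted literal with no "<", optionally followed by ";" and a comment.
const PLAIN_LITERAL = /^(["'])[^<"'`\\]*\1\s*;?\s*(\/\/.*)?$/;

function findHtmlSinks(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const code = text.trim();
    if (code.startsWith("//")) return; // skip whole-line comments
    const m = SINK.exec(code);
    if (!m) return; // reads and comparisons (==, ===) do not match
    const [, sink, , rhs] = m;
    // A quoted literal with no "<" contains no markup, so textContent is a
    // drop-in replacement. Anything else may carry data into the HTML parser.
    const plain = PLAIN_LITERAL.test(rhs);
    findings.push({
      line: i + 1,
      sink,
      verdict: plain ? "replace-with-textContent" : "review-dynamic-html",
    });
  });
  return findings;
}

// Constructed sample input (not the project's calculator.js).
const SAMPLE = [
  'const inputDisplay = document.getElementById("input");',
  'inputDisplay.innerHTML = "input"; // constant label',
  'inputDisplay.textContent = "0";',
  'inputDisplay.innerHTML = "<b>" + userValue + "</b>";',
  'history.innerHTML += entry;',
  '// old: inputDisplay.innerHTML = value;',
  'if (inputDisplay.innerHTML === "") reset();',
].join("\n");

for (const f of findHtmlSinks(SAMPLE)) {
  console.log(`line ${f.line}: ${f.sink} -> ${f.verdict}`);
}
```

The check only looks at direct property assignments on a single line, so multi-line expressions and other HTML-parsing APIs are outside what it reports.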