- From: Mark Simon <notifications@github.com>
- Date: Sat, 26 Jun 2021 02:53:35 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Saturday, 26 June 2021 09:53:48 UTC
> There are many libraries that allows you to create nodes via template literal tags, ensuring XSS safety, better attributes handling, without providing another footgun on the client side API.
I’m not a fan of importing too many libraries. Given that it is relatively simple to do the same thing with three simple lines of code:
```js
let template=let template=document.createElement('template');
template.insertAdjacentHTML('beforeend','<img width="40" height="30" alt="alt text" title="title text">');
let img=template.lastChild;
```
I think using a library is overkilling it.
The point is that I can’t see any and new XSS or other issues which haven’t already been addressed for `insertAdjacentHTML()` or `innerHTML`.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/issues/996#issuecomment-868977767
Received on Saturday, 26 June 2021 09:53:48 UTC