Test2

If you are the one supplying the text and no part of the text is supplied by the user (or some other source that you don’t control), then setting innerHTML is fine:

// * Fine for hardcoded text strings like this one or strings you otherwise 
//   control.
// * Not OK for user-supplied input or strings you don't control unless
//   you know what you are doing and have sanitized the string first.
document.getElementById('myspan').innerHTML = 'newtext';

Submit a Comment

Your email address will not be published. Required fields are marked *