Title was a bit rage-baity. And I think you can already do sanitation by writing... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dogtimeimmortal 11 days ago \| parent \| context \| favorite \| on: Goodbye InnerHTML, Hello SetHTML: Stronger XSS Pro... Title was a bit rage-baity. And I think you can already do sanitation by writing a function to check input before passing it to innerHTML? This really just seems like another attempt at reinventing the wheel. Somewhat related, I find it ironic how i cannot browse hacks.mozilla.org in my old version of firefox("Browser not supported"). Also, developer.mozilla.org loads mangled to various degrees in current versions of palemoon, basilisk, and seamonkey It's like there is some sort of "browser cartel" trying to screw up The Web.

		help

Retr0id 11 days ago [–]

> you can already do sanitation by writing a function to check input before passing it to innerHTML

This is like saying C is memory safe as long as your code doesn't have any bugs.

More saliently, it does not consider parser differentials.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact