Home > Article > Web Front-end > How to Safely Append HTML Strings to the DOM Without Using `div.innerHTML = str;`?
How to Safely Append HTML Strings to the DOM Without Using `div.innerHTML = str;`?
- Mary-Kate OlsenOriginal
- 2024-11-05 07:13:02890browse
Append HTML Strings to the DOM Without div.innerHTML
While appending HTML strings to the DOM using div.innerHTML = str; may be convenient, it is discouraged due to security vulnerabilities. A safer and more robust approach is to utilize the insertAdjacentHTML() method.
Using insertAdjacentHTML()
insertAdjacentHTML() offers a standardized way to insert HTML strings into the DOM. It takes two parameters:
- position: Specifies where to insert the HTML relative to the target element. Can be "beforebegin," "afterbegin," "beforeend," or "afterend."
- html: The HTML string to insert.
In your case, to append the provided HTML string to the
<code class="javascript">const div = document.getElementById("test");
div.insertAdjacentHTML("beforeend", str);</code>
The "beforeend" position will insert the HTML inside the
Browser Compatibility
insertAdjacentHTML() is supported in all modern browsers, including Chrome, Firefox, Safari, and Edge.
Live Demo
For a demonstration, visit the following JSFiddle: http://jsfiddle.net/euQ5n/
The above is the detailed content of How to Safely Append HTML Strings to the DOM Without Using `div.innerHTML = str;`?. For more information, please follow other related articles on the PHP Chinese website!
Related articles
See more- An in-depth analysis of the Bootstrap list group component
- Detailed explanation of JavaScript function currying
- Complete example of JS password generation and strength detection (with demo source code download)
- Angularjs integrates WeChat UI (weui)
- How to quickly switch between Traditional Chinese and Simplified Chinese with JavaScript and the trick for websites to support switching between Simplified and Traditional Chinese_javascript skills