But I agree, my default approach has usually been to only use innerText if it has untrusted content:
So if their demo is this:
container.SetHTML(`<h1>Hello, {name}</h1>`);
let greetingHeader = container.CreateElement("h1"); greetingHeader.innerText = `Hello, {name}`;
Edit: I don't mean this flippantly. If I want to render, say, my blog entry on your site, will I need to select every markup element from a dropdown list of custom elements that only accept text a la Wordpress?
But I agree, my default approach has usually been to only use innerText if it has untrusted content:
So if their demo is this:
Mine would be: