gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
freeCodeCamp/guide/english/javascript/html-dom-innerhtml-property/index.md

56 lines
1.3 KiB
Markdown
Raw Normal View History

fix: change directory structure
2018-10-12 15:37:13 -04:00
---
fix the case in title (#28559) * fix the case in title * fix: corrected verbs' spelling
2019-02-18 09:09:41 +05:30
title: HTML DOM innerHTML Property
fix: change directory structure
2018-10-12 15:37:13 -04:00
---
fix the case in title (#28559) * fix the case in title * fix: corrected verbs' spelling
2019-02-18 09:09:41 +05:30
## HTML DOM innerHTML Property
The `innerHTML` property returns the HTML content inside a selected element and also lets you define a new HTML content.
fix: change directory structure
2018-10-12 15:37:13 -04:00
***GET ELEMENT CONTENT***
```html
<div id="demo">
<p>Demo</p>
</div>
```
```javascript
var element = document.getElementById("demo");
console.log(element.innerHTML) //logs <p>Demo</p>
```
***SET ELEMENT CONTENT***
```html
<div id="demo"></div>
```
```javascript
var element = document.getElementById("demo");
element.innerHTML = "<div>Demo</div>";
```
The HTML now will be like
```html
<div id="demo">
<div>Demo</div>
</div>
```
***SECURITY CONSIDERATIONS***
The value that's set to `innerHTML` should come from trusted sources, since Javascript will put anything inside that element and it will be run as plain HTML.
Example:
Setting a "`<script>alert();</script>`" value will cause the Javascript "alert()" function to be fired:
```javascript
var element = document.getElementById("demo");
element.innerHTML = "<script>alert();</script>";
```
This type of attack is called [Cross Site Scripting, or XSS for short](https://en.wikipedia.org/wiki/Cross-site_scripting).
This is one of the most common ways of committing an XSS attack. If you want to learn a little bit more and learn to defend against it, [check out this resource](https://xss-game.appspot.com/)
Reference in New Issue Copy Permalink