Reputation: 912
I am using that block of code and being told by a code validator that this should be sanitized.
What is wrong with it and how can I sanitize it?
el1 = document.getElementById('quote'); //this is fine
el1.innerHTML = quoteNew; //this should be sanitized
Upvotes: 2
Views: 4926
Reputation: 196306
If the contents of quoteNew are just text to display, then use the textContent property of the element.
el1.textContent = quoteNew;
Upvotes: 5
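Added example, not part of the question or answer above: it shows the textContent fix next to the case the answer does not cover, where the quote must sit inside fixed markup and is escaped before it reaches innerHTML. The function names, the `author` parameter and the sample string are assumptions made for illustration.

```javascript
// Added example; escapeHtml, showQuote, showQuoteWithAuthor and `author`
// are hypothetical names, not from the original posts.

// Characters that are significant in HTML text and in quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Preferred when the quote is plain text: the browser never parses it as HTML.
function showQuote(el, quoteNew) {
  el.textContent = quoteNew;
}

// When fixed markup around the quote is needed, every untrusted value is
// escaped before it is concatenated into the string given to innerHTML.
function showQuoteWithAuthor(el, quoteNew, author) {
  el.innerHTML = `<q>${escapeHtml(quoteNew)}</q> <cite>${escapeHtml(author)}</cite>`;
}

// Constructed sample input: a "quote" that carries markup and an event-handler
// attribute. Assigned raw to innerHTML, the browser would parse the tags and
// run the handler, which is why the validator flags that line.
const sampleQuote = 'Stay <b>hungry</b> <img src=x onerror="alert(1)">';

// In a page: showQuote(document.getElementById('quote'), sampleQuote);
```

With either function the sample is displayed literally, tags and all, instead of being interpreted as markup.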