Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148
Summary
Mozilla Hacks explains the XSS threat and introduces the Sanitizer API and setHTML in Firefox 148, which sanitize untrusted HTML by default. It also discusses the history of CSP and how the Sanitizer API can pair with Trusted Types to reduce risk and simplify secure HTML insertion for developers.
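The swap from innerHTML to setHTML described above, as an added example that is not code from the Mozilla Hacks post: a helper that uses setHTML where the browser provides it and otherwise falls back to inert text rather than innerHTML. The names insertUntrusted and SAMPLE, and the sample string, are assumptions made for illustration.

```javascript
// Added example, not from the original article.
// insertUntrusted and SAMPLE are hypothetical names; SAMPLE is constructed input.
const SAMPLE = '<b>hello</b><img src="x" onerror="console.log(1)">';

// Insert an untrusted HTML string into `el` without ever assigning innerHTML.
// Returns the name of the sink that was used so callers can log or test it.
function insertUntrusted(el, html) {
  if (typeof el.setHTML === "function") {
    // Sanitizer API path: the browser parses the string and drops
    // script-capable content (script elements, on* handler attributes)
    // before anything is attached to the DOM.
    el.setHTML(html);
    return "setHTML";
  }
  // No Sanitizer API in this browser. textContent renders the markup as
  // plain text, so formatting is lost but nothing in the string can execute.
  el.textContent = html;
  return "textContent";
}

// Browser demonstration; skipped when no DOM is present (for example in Node).
if (typeof document !== "undefined") {
  const out = document.createElement("div");
  const sink = insertUntrusted(out, SAMPLE);
  // With setHTML the <b> element survives and the onerror attribute is gone.
  console.log(sink, out.innerHTML);
}
```

Falling back to textContent trades formatting for safety; a site that needs rich markup in browsers without setHTML would need a separate sanitizing step, which this sketch does not cover.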