Using innerHTML poses a potential security concern and may allow malicious JavaScript to execute. Instead, use Node.textContent
to set plain text. To interact with DOM nodes, use the native DOM APIs.
Disallow the use of 'innerHTML' in all its forms. This includes innerHTML, outerHTML, and insertAdjacentHTML.
Example of incorrect code:
element.innerHTML = '<foo></foo>';
element.outerHTML = '<foo></foo>';
element.insertAdjacentHTML('beforeend', '<foo></foo>');
Example of correct code:
element.textContent = 'foo';
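An added example, not taken from the rule's documentation, of the pattern the rule steers toward: building nodes with createElement, textContent and appendChild so untrusted text is never parsed as markup. The renderComment function and the comment object are assumptions for illustration; makeFakeDocument is a constructed stand-in for the browser's document so the example runs outside a browser (in a browser, pass the real document instead).

```javascript
// Added example (not from the rule docs): render untrusted text with the
// native DOM APIs instead of innerHTML. `renderComment` and the comment
// shape are assumptions; `makeFakeDocument` is a constructed stand-in for
// `document` so this runs in Node as well as in a browser.

function renderComment(doc, container, comment) {
  const article = doc.createElement('article');
  article.setAttribute('class', 'comment');

  const author = doc.createElement('strong');
  author.textContent = comment.author;   // becomes a text node, not markup

  const body = doc.createElement('p');
  body.textContent = comment.body;       // '<' and '>' stay literal characters

  article.appendChild(author);
  article.appendChild(body);
  container.appendChild(article);
  return article;
}

// Minimal fake `document`: enough of createElement / setAttribute /
// appendChild / textContent / outerHTML to exercise renderComment offline.
function makeFakeDocument() {
  const escape = (s) => String(s)
    .replace(/&/g, '&amp;').replace(/</g, '&lt;')
    .replace(/>/g, '&gt;').replace(/"/g, '&quot;');

  function createElement(tag) {
    const el = { tagName: tag, attrs: {}, children: [], text: '' };
    el.setAttribute = (name, value) => { el.attrs[name] = String(value); };
    el.appendChild = (child) => { el.children.push(child); return child; };
    Object.defineProperty(el, 'textContent', {
      get: () => el.text + el.children.map((c) => c.textContent).join(''),
      // Like the real DOM, assigning textContent replaces all children
      // with a single text node; the value is never parsed.
      set: (value) => { el.text = String(value); el.children = []; },
    });
    Object.defineProperty(el, 'outerHTML', {
      get: () => {
        const attrs = Object.entries(el.attrs)
          .map(([k, v]) => ` ${k}="${escape(v)}"`).join('');
        const inner = escape(el.text) + el.children.map((c) => c.outerHTML).join('');
        return `<${tag}${attrs}>${inner}</${tag}>`;
      },
    });
    return el;
  }
  return { createElement };
}

function demo() {
  const doc = typeof document !== 'undefined' ? document : makeFakeDocument();
  const container = doc.createElement('div');
  // Constructed untrusted input that looks like markup.
  const comment = { author: 'mallory', body: '<b>hello</b>' };
  const article = renderComment(doc, container, comment);
  // textContent keeps the tags as literal characters; serialized markup
  // shows them escaped, so they can never become elements or handlers.
  return { text: article.textContent, html: article.outerHTML };
}

console.log(demo());
```

Running demo() in Node prints the text with the tags intact as characters and the serialized form with them escaped; in a browser, the same renderComment call against the real document produces an article whose body paragraph shows the literal string "<b>hello</b>" rather than bold text.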