web applications

nonstandard property :: innerHTML (but is a de facto standard)

The innerHTML property is not part of the DOM. It isn’t part of any standard. It is a proprietary addition created by Microsoft.

Normally, I wouldn’t recommend using anything proprietary in JavaScript code (although the XMLHttpRequest object itself is a proprietary addition). However, the innerHTML property is exceptionally well supported, considering that it is nonstandard. It is, in effect, a de facto standard: it is supported in all the major browsers. The reason why innerHTML has been so widely adopted, without any endorsement from the W3C, is that it is very useful in certain situations.

DOM methods allow you to manipulate a document very precisely. You can create elements, attributes, and text, one node at a time. That is very powerful, but it is also quite time-consuming.

The innerHTML property uses brute force. If you read the innerHTML property of an element, you will receive a string of HTML. This is a read/write property, meaning that you can also assign a string of HTML to go inside an element.

Any HTML that was previously inside the element will be obliterated and replaced with the contents of the string.

Making Your Web Applications More Secure

Another great article explaining about possible attacks on Web – based applications. I more considerable about this type of articles as i have developed so many web applications and still working on big projects. This articles reminded me of my mistake i have done in past. This articles is written by Nadav Samet on his blog. In this article he talks about most common possible attacks:

  • SQL Injection Attacks
  • XSRF: Cross-Site Request Forgery
  • XSS: Cross-Site Scripting

His explanations are simple and good enough to understand what he like to aware the world off. Here is the link:

p.s: the URL was long and creepy so i used amazing service tinyurl.com to convert it.

 Scroll to top