Ideally you should be able to set a global property somewhere (as a web developer) that disallows outdated APIs like `innerHTML`, but with the Big Caveat that your website will not work on browsers older than X. But maybe there's web standards for that already, backup content if a browser is considered outdated.

▲ cxr 3 hours ago | parent | next [-]

It's not an "outdated API". It's still good for what it was always meant for: parsing trusted, application-generated markup and atomically inserting it into the content tree as a replacement for a given element's existing children.

> set a global property somewhere (as a web developer) that disallows[…] `innerHTML`

    Object.defineProperty(Element.prototype, "innerHTML", {
      set: (() => { throw Error("No!") })
    });

(Not that you should actually do this—anyone who has to resort to it in their codebase has deeper problems.)

▲ staticassertion 8 hours ago | parent | prev | next [-]

Doesn't using TrustedTypes basically do that? I'm not really web-y, someone please correct me if I'm off.

	▲	madeofpalk 7 hours ago \| parent [-]
		Yup, this is basically what TrustedTypes is for!

▲ afavour 8 hours ago | parent | prev [-]

I like the idea of that. But I imagine linting rules are a much more immediate answer in a lot of projects.