Well, the name SetHTML, or let's say:

    .set_html()

Makes objectively more sense than:

    .inner_html()
    .inner_html =
    .set_inner_html()

It is a fairly small thing, but ... really. One day someone should clean up the mess that is JavaScript. Guess it will never happen, but JavaScript has so many strange things ...

I understand that this here is about protection against attacks rather than a better API design, but really - APIs should ideally be as great as possible the moment they are introduced and shown to the public.

▲ lloydatkinson 9 hours ago | parent [-]

To be pedantic that’s the DOM API, which is exposed to JavaScript.

The DOM API has always felt like, and still does, it was written by people that have never made an API.

▲

pier25 7 hours ago | parent [-]

I don't think that's pedantic. Seems like a valid objection to me.

So many issues in the client JS world originate from insufficient or bad browser APIs.

	▲	lloydatkinson 5 hours ago \| parent [-]
		I don’t really think it’s pedantic it’s just that unless you preface a lot of comments on HN these days, you’ll get a lot of whataboutism and straw man arguments.