Some like to DOM their way around. Others prefer the simplicity of innerHTML. Julien Lecomte, of Yahoo!, wrote up his thoughts on the problems with innerHTML.
Julien first points out some issues:
* Improper handling of the innerHTML property can enable script-injection attacks on Internet Explorer when the HTML string contains a script tag marked as defered: script defer...script
* Setting innerHTML will destroy existing HTML elements that have event handlers attached to them, potentially creating a memory leak on some browsers.
* You don’t get back a reference to the element(s) you just created, forcing you to add code to retrieve those references manually (using the DOM APIs…)
* You can’t set the innerHTML property on all HTML elements on all browsers (for instance, Internet Explorer won’t let you set the innerHTML property of a table row element)
He then puts together Douglas Crockfords purge and some code to clean up script tags, arriving at:
YAHOO.util.Dom.setInnerHTML = function (el, html) {
el = YAHOO.util.Dom.get(el);
if (!el || typeof html !== 'string') {
return null;
}
// Break circular references.
(function (o) {
var a = o.attributes, i, l, n, c;
if (a) {
l = a.length;
for (i = 0; i = l; i += 1) {
n = a[i].name;
if (typeof o[n] === 'function')
o[n] = null;
}
}
}
a = o.childNodes;
if (a) {
l = a.length;
for (i = 0; i = l; i += 1) {
c = o.childNodes[i];
// Purge child nodes.
arguments.callee(c);
// Removes all listeners attached to the element via YUI's addListener.
YAHOO.util.Event.purgeElement(c);
}
}
})(el);
// Remove scripts from HTML string, and set innerHTML property
el.innerHTML = html.replace(/