13 votes

Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148

2 comments

  1. macleod
    While I get why they are adding this, could they not have chosen a less confusing name? setHTML tells me that it will directly set HTML into the object, not filter it. setSafeHTML, setHTMLClean, or even better something like innerHTMLSafe would be far better and less confusing.

    2 votes
    1. Omnicrola

      On the one hand you're correct the name is not as informative as it could be, especially given the reason the new method and feature were created.

      On the other hand, if the method is named setHtmlClean(), that immediately implies to the developer that there is another one that isn't, which would make any new developer immediately wonder which one is the "right" one to use in their situation, leading to confusion. If the answer (I'm making an assumption on Mozilla's part) is "never, always use this sanitize method", then naming it the way they did makes sense. It makes it harder to accidentally make the wrong decision if you are new or just in a hurry.

      This is especially true if the node.innerHtml setter is deprecated in the future. Given that there are configuration options to change how strict the sanitization is, this allows for unsafe/sanitized html if you need it, but you have to make the decision to do it instead of it being unsafe by default.

      There are only 2 hard problems in computer science:

      1. Naming things
      2. Cache invalidation
      3. Off by 1 errors
      4 votes
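The "safe by default, opt in to anything looser" behaviour discussed above, as an added example that is not from the thread, Mozilla or the spec text: untrusted markup goes through setHTML() with an explicit allow list, and a browser without the API degrades to inert text rather than raw innerHTML. The option shape { sanitizer: { elements, attributes } } follows the HTML Sanitizer API draft; the helper names, the policy and the fake element are my own.

```javascript
// Allow list for user comments (constructed policy). Anything not listed, e.g.
// <img> or a style attribute, is dropped. setHTML() additionally strips
// inherently unsafe content such as <script> and on* event handlers.
const COMMENT_POLICY = {
  elements: ["p", "a", "em", "strong", "code", "ul", "ol", "li", "br"],
  attributes: ["href"],
};

// Renders untrusted HTML into `el`. Returns which path was taken so callers
// (and tests) can verify that innerHTML is never used for untrusted input.
function renderUntrusted(el, html, policy = COMMENT_POLICY) {
  if (typeof el.setHTML === "function") {
    // Sanitizer API available: browser parses and filters per the policy.
    el.setHTML(html, { sanitizer: policy });
    return "setHTML";
  }
  // Older browser without setHTML(): show the markup as inert text.
  // Deliberately no innerHTML fallback, which would reintroduce the XSS risk.
  el.textContent = html;
  return "textContent";
}

// Constructed stand-in for a DOM element so the logic runs outside a browser.
// `supportsSetHTML` toggles whether the fake exposes setHTML(); any write to
// innerHTML throws, which is how a test catches an unsafe fallback.
function fakeElement(supportsSetHTML) {
  const el = { calls: [], textContent: "" };
  Object.defineProperty(el, "innerHTML", {
    set() { throw new Error("innerHTML must never receive untrusted input"); },
  });
  if (supportsSetHTML) {
    el.setHTML = (html, opts) => el.calls.push({ html, opts });
  }
  return el;
}

// Constructed untrusted input: a harmless link followed by an inline script.
const UNTRUSTED = '<a href="https://example.com">hi</a><script>alert(1)</script>';
```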