Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148
Privacy Guides Community [Unofficial]
February 25, 2026
Mozilla Hacks – the Web developer blog
Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 –...
Cross-site scripting (XSS) remains one of the most prevalent vulnerabilities on the web. The new standardized Sanitizer API provides a straightforward way for web developers to sanitize untrusted HTML before inserting it into the DOM. Firefox 148 is...
Est. reading time: 3 minutes
Discussion in the ATmosphere