1. 2

  2. 2

    Using template strings as your render function is a really bad habit to get in to. The reason that people use tools like React is so that they can build dom nodes efficiently and safely!

    That’s it, I’m officially naming my kid “<script>alert(1)</script>”

    1. [Comment removed by author]

      1. 2
        var x = '<img src="https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png" onload="alert(1)">';
        var y = `foo ${x}`;
        document.body.innerHtml = y;