At Security best practices page you can read at the top:
insert strings using safe native DOM manipulation methods:
document.createElement()
,Element.setAtttribute()
, andNode.textContent
.
Is there any adventage while using Element.setAttribute("id", "a")
vs Element.id = "a"
?