This is a public service announcement. element.textContent and document.createTextNode are dangerous DOM methods. They can easily lead to XSS vulnerabilities in your application. We’ll find out how by looking at two common – but flawed – applications of these methods: stripping and escaping HTML. Stripping tags with element.textContent What does element.textContent do? (element.innerText in old IE