* Skip to main content <#document-main> * Select language <#language> * Skip to search <#q> mozilla Mozilla Developer Network * Sign in with Sign in // // o //Persona o //GitHub * Web Platform// Technologies o HTML o CSS o JavaScript o Graphics o APIs / DOM o Apps o MathML References & Guides o Learn the Web o Tutorials o References o Developer Guides o Accessibility o Demos o ...more docs * Mozilla Docs// o Add-ons o Firefox o Firefox Marketplace o Firefox OS o Persona * Developer Tools * Demos * Connect * // * Search // Search * Languages// o Español o Français o 日本語 o Polski o Português (do Brasil) o 中文 (简体) o Add a translation * Edit// * Advanced// Advanced o History o Print this page <#> 1. MDN 2. Web technology for developers 3. Web API Interfaces 4. Element 5. Element.innerHTML // //// <#> Your Search Results // Element.innerHTML by 39 contributors: * cvrebert * fscholz * Dattaya * teoli * kscarfone * vishu_gawli * biscuitsandtea * Sheppy * timdown * mathiasbynens * nzakas * jaffathecake * PlayMyCode * * * * * * * * * * * * * * * * * * * * * * * * * * Show all…contributors / /Show Sidebar <#show-quick-links> In This Article// <#toc> 1. Syntax <#Syntax> 2. Example <#Example> 3. Notes <#Notes> 1. Security considerations <#Security_considerations> 4. Specification <#Specification> 5. See also <#See_also> The *|Element.innerHTML|* property sets or gets the HTML syntax describing the element's descendants. *Note: *If a |
| , || , or || </en-US/docs/Web/HTML/Element/noembed> node has a child text node that includes the characters |(&), (<),| or |(>)|, |innerHTML| returns these characters as &amp, &lt and &gt respectively. Use |Node.textContent| </en-US/docs/Web/API/Node/textContent> to get a correct copy of these text nodes' contents. Syntax /var content/ = /element/.innerHTML; On return, |content| contains the serialized HTML code describing all of the |element|'s descendants. / element/.innerHTML = content; Removes all of |element|'s children, parses the |content| string and assigns the resulting nodes as children of the |element|. Example |<html> <head></head> <body> <div id="txt"> <script id="txt0"> x=0 </script> <noembed id="txt1"> 1 2
4
6
| |// HTML: //

Content

//

Further Elaborated

//
d = document.getElementById("d"); dump(d.innerHTML); // the string "

Content

Further Elaborated

" // is dumped to the console window | Notes This property provides a simple way to completely replace the contents of an element. For example, the entire contents of the document body can be deleted by: |document.body.innerHTML = ""; // Replaces body content with an empty string. | The |innerHTML| property of many types of elements—including || or || —can be returned or replaced. It can also be used to view the source of a page that has been modified dynamically: |// Copy and paste into address bar as a single line javascript:"
"+document.documentElement.innerHTML.replace(/";
|

This property was initially implemented by web browsers, then specified
by the WHATWG and W3C in HTML5. Old implementations may not all
implement it exactly the same way. For example, when text is entered
into a text input, Internet Explorer changes the value attribute of the
input's |innerHTML| property but Gecko browsers do not.


      Security considerations

It is not uncommon to see |innerHTML| used to insert text in a web page.
This comes with a security risk.

|var name = "John";
// assuming el is an HTML DOM element
el.innerHTML = name; // harmless in this case

// ...

name = "";
el.innerHTML = name; // harmless in this case
|

Although this may look like a cross-site scripting  attack, the result is harmless. HTML5 specifies that a |