NO_DANGEROUS_HTML

Unsafe creation of DOM can be done a variety of ways:

• element.innerHTML
• element.outerHTML
• DOMParser.parseFromString()
• element.insertAdjacentHTML()
• srcdoc on iframe elements
• dangerouslySetInnerHTML prop in React apps

Usage of these methods is deemed an unsafe coding practice as the HTML might result in security vulnerabilities.

It is recommended to instead use alternative approaches for HTML construction - such as document.createElement() or a HTML sanitizer.