<script> alert("hi") </script>
template.innerHTML = "<div> hi </div>"
I wonder if people actually know what tagged literals are in JS.
is nothing more than a single function call with, you guessed it, a string
No amount of word twisting and wishful thinking can change that. I really advise you to look at what lit-html does such as diligently parsing this string looking for tags and markers: github.com/Polymer/lit-html/blob/m...
And no. the browser does not know how to "parse this string as HTML". Because it's just a string, it's handled as a string, and is used a string, and nothing else.
Im fine with it being string blobs, string parsing is much faster than html parsing.
Well, it's a drop more complicated than that. Tagged template literals know about their static and dynamic parts. And lit-html uses template tags and weakmaps for fast parsing and efficient storage.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.