www.fgks.org   »   [go: up one dir, main page]
Welcome  |  Sign In
 | 
Click to Rate and Give Feedback
Properties
 innerHTML Property
innerHTML Property

Sets or retrieves the HTML between the start and end tags of the object.

Syntax

HTMLN/A
Scripting[ sHTML = ] object.innerHTML

Possible Values

sHTMLString that specifies or receives the content between the start and end tags.

The property is read/write for all objects except the following, for which it is read-only: COL, COLGROUP, FRAMESET, HEAD, HTML, STYLE, TABLE, TBODY, TFOOT, THEAD, TITLE, TR. The property has no default value.

Expressions can be used in place of the preceding value(s), as of Microsoft® Internet Explorer 5. For more information, see About Dynamic Properties.

Remarks

The innerHTML property is valid for both block and inline elements. By definition, elements that do not have both an opening and closing tag cannot have an innerHTML property.

The innerHTML property takes a string that specifies a valid combination of text and elements. When the innerHTML property is set, the given string completely replaces the existing content of the object. If the string contains HTML tags, the string is parsed and formatted as it is placed into the document.

This property is accessible at run time as the document is being parsed; however, removing elements at run time, before the document is fully loaded, could prevent other areas of the document from rendering.

When using innerHTML to insert script, you must include the DEFER attribute in the script element.

security note Security Alert   Improper handling of the innerHTML property can enable script-injection attacks. When accepting text from an untrusted source (such as the query string of a URL), use createTextNode to convert the HTML to text, and append the element to the document using appendChild. Refer to the Examples section below for more information.

You can change the value of the title element using the document.title property.

To change the contents of the table, tFoot, tHead, and tr elements, use the table object model described in How to Build Tables Dynamically. However, to change the content of a particular cell, you can use innerHTML.

To maintain compatibility with earlier versions of Windows Internet Explorer, this property applies to the textArea object. However, the property works only with strings that do not contain tags. With a string that contains a tag, this property returns an error. It is better to use the innerText property with this object.

Examples

This example uses the innerHTML property to change the text of a paragraph when an onmouseover event occurs. The affected text and any tags within it are changed by the onmouseover and onmouseout events.

...
<P 
    >
    <I>Mouse over this text to change it.</I>
</P>
...
This feature requires Microsoft® Internet Explorer 4.0 or later. Click the following icon to install the latest version. Then reload this page to view the sample.

This example uses the innerHTML property to insert script into the page.

<HTML>
<SCRIPT>
function insertScript(){
    var sHTML="<input type=button go2()" + " value='Click Me'><BR>";
    var sScript="<SCRIPT DEFER>";
    sScript = sScript + "function go2(){ alert('Hello from inserted script.') }";
    sScript = sScript + "</SCRIPT" + ">";
    ScriptDiv.innerHTML = sHTML + sScript;
}    
</SCRIPT>
<BODY >
    <DIV ID="ScriptDiv"></DIV>
</BODY>
</HTML>
This feature requires Microsoft® Internet Explorer 4.0 or later. Click the following icon to install the latest version. Then reload this page to view the sample.

The following example demonstrates how to convert the HTML source to text using a temporary div element and createTextNode. Once the HTML is sanitized, it can be safely inserted into the document using innerHTML.

<body >

<script type="text/javascript">
function sanitizeHTML(s) {
    var d = document.createElement('div');
    d.appendChild(document.createTextNode(s));
    return d.innerHTML;
}

function displaySource()
{
    var h = sanitizeHTML(document.documentElement.outerHTML);
    document.getElementById('asHTML').innerHTML = "<pre>" + h + "</pre>";
    document.getElementById('asText').innerText = h;
}
</script>

<h2>As HTML</h2>
<div id="asHTML"></div>
<h2>As Text</h2>
<div id="asText"></div>

</body>
This feature requires Microsoft® Internet Explorer 4.0 or later. Click the following icon to install the latest version. Then reload this page to view the sample.

Standards Information

There is no public standard that applies to this property.

Applies To

A, ABBR, ACRONYM, ADDRESS, B, BDO, BIG, BLOCKQUOTE, BODY, BUTTON, CAPTION, CENTER, CITE, CODE, COL, COLGROUP, CUSTOM, DD, DEL, DFN, DIR, DIV, DL, DT, EM, FIELDSET, FONT, FORM, FRAMESET, HEAD, hn, HTML Comment, HTML, I, INS, KBD, LABEL, LEGEND, LI, LISTING, MAP, MARQUEE, MENU, nextID, NOBR, OL, OPTION, P, PRE, Q, RT, RUBY, S, SAMP, SCRIPT, SELECT, SMALL, SPAN, STRIKE, STRONG, STYLE, SUB, SUP, TABLE, TBODY, TD, TFOOT, TH, THEAD, TITLE, TR, TT, U, UL, VAR

See Also

insertAdjacentHTML, How to Build Tables Dynamically
Tags What's this?: Add a tag
Community Content
 
Add Community Content
How to inject NoScope elements into a page with innerHTML.      John Sudds - MSFT   |   Edit   |  

You can inject script with innerHTML, but it can be a little tricky. The example above works around this limitation, but doesn't really explain how it is done.

Internally, Internet Explorer treats the <script> tag as a NoScope element, which means (according to a rather opaque comment in the source) that "no text in a textrun should point to it." Examples of other tags that have this attribute are HTML comments (<!-- -->) and STYLE tags. All NoScope elements are removed from the beginning of the parsed HTML before it is injected with innerHTML or insertAdjacentHTML. To prevent this from happening, you must include at least one scoped element at the beginning of the injected HTML.

The following example injects a script block into the injectionDiv, but nothing happens.

<div id="injectionDiv">&nbsp;</div>
<script type="text/javascript">
   injectionDiv.innerHTML='<script defer>alert("hello");</' + 'script>';
</script>

To make it work, you must start the injected HTML string with a scoped element, preferably an invisible one like a hidden input element.

injectionDiv.innerHTML='<input type="hidden"/><script defer>alert("hello");</' + 'script>';

Note The strange '</' + 'script>' construct prevents the real SCRIPT block from closing prematurely.

The same rules apply to injected STYLE elements. All we have to do is put the style block after the element it modifies.

injectionDiv.innerHTML='<div class="myClass">&nbsp;</div><style type="text/css">.myClass{background-color:green;}</style>';

That said, you really should put all style rules in the HEAD for strict compliance with XHTML. Doing this can also be a little tricky because you cannot use innerHTML to inject into the HEAD or STYLE element directly. (Both of these tags are READ ONLY.) The best way to dynamically add styles to a page is to wait for the document to load, and then create the rule in a new style sheet.

window. 
{
    document.createStyleSheet().addRule('.myClass', 'background-color:blue!important;');
}

Source: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=909379&SiteID=1

Tags What's this?: Add a tag
something wrong???? bug????      kangGaia   |   Edit   |  

newTr.innerHTML = "<td>aaa</td><td>bbb</td>";

in IE7, when this line executed, first TD is disappeared

maybe it's bug?? anyone test this code and replay please~~

Tags What's this?: Add a tag
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker
DCSIMG