Summit.js
UI Library Techniques
Directives

s-html

s-html sets an element's innerHTML to the value of an expression and re-runs when that value changes. Reach for it when the content itself is markup, for example a fragment rendered on the server or returned from a fetch.

Source
<div s-data="{ note: '<strong>Saved</strong> just now' }">
  <p s-html="note"></p>
</div>

Unlike s-text, the string is parsed as HTML, so the <strong> above becomes real bold text.

Injected markup is initialized

After setting the HTML, Summit walks the new children and initializes any Summit directives it finds, using the surrounding component's scope. A fragment that arrives with s-text or @click on it becomes reactive right away, with no extra step.

Only use it on trusted content

Setting innerHTML from untrusted input is an XSS vulnerability. A string containing a <script> tag or an onerror handler can run code in your page. Never point s-html at anything a user typed, a URL parameter, or a third-party response you do not control.

If the source is not fully trusted, use s-text instead, which escapes everything it renders.

Esc
Loading search...
Recent
Suggested
No results for "".
to navigate to select esc to close