The createElement API has 2 advantages:
Using createElement instead of appending HTML that contain input appended to it, such as:
will be safe from attribute injection without using escapeHTML, such as:
and from XSS if current method is used (in above link text instead of html) , this code pattern will decrease the chance of introducing XSS vulnerabilities.
it's might be faster (probably, at least many comments on SO suggest so, but other says otherwise)
I have made the changes in the 2 above mentioned locations #12907.
@emanuelb If there are any other location where this change is suitable please post their link here.
Fixed by #12907.