innertHTML
is a good function. But if you wrote a code in a wrong way, or if you misused this code, it can be used to infiltrate your web app.
In this article I explained why it can be bad if misused with code samples. If you like to read the article HERE
The alternative with this one is using setHTML(<value>)
function. The downside with this one is that, its still in its experimental state so other browsers might not support this function.