innerHTML is a good function. But if you write your code the wrong way, or if you misuse it, it can be used to infiltrate your web app.
In this article I explained, with code samples, why it can be bad if misused. If you like to read the article
The alternative to this one is using the setHTML() function. The downside is that it's still in its experimental state, so other browsers might not support this function.
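
Since setHTML() may be missing in some browsers, untrusted strings need a safe path either way. The sketch below is an added example, not code from the article: renderUntrusted, the sample string and the "#comment" element id are assumptions made for illustration.

```javascript
// Added example: prefer setHTML() where the browser provides it, otherwise
// fall back to textContent. renderUntrusted is a hypothetical helper name.
function renderUntrusted(el, untrusted) {
  const text = untrusted == null ? "" : String(untrusted);

  if (typeof el.setHTML === "function") {
    // Sanitizing path: the browser parses the markup and removes
    // script-capable content (event-handler attributes, <script>)
    // before inserting it.
    el.setHTML(text);
    return "setHTML";
  }

  // Fallback for browsers without setHTML(): the string becomes a text
  // node and is never parsed as HTML, so the markup shows up as literal
  // characters. innerHTML is deliberately not used here.
  el.textContent = text;
  return "textContent";
}

// Constructed sample input: markup carrying an event-handler attribute.
const SAMPLE = '<b>hello</b><img src="x" onerror="alert(1)">';

// Runs only inside a browser page; "#comment" is an assumed element id.
if (typeof document !== "undefined") {
  const target = document.querySelector("#comment");
  if (target) console.log("inserted via", renderUntrusted(target, SAMPLE));
}
```

The return value tells you which path was taken, so you can see how often visitors land on the plain-text fallback.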