I wonder how many devs who have an atavistic rejection of using eval realise that innerHTML is even more dangerous and also evaluates code. How many of them religiously avoid eval, even when it would be the best solution but then ‘innerHTML’ everything?