From what I understand, setting innerHTML on an element is bad, because if the new contents come from users, a malicious user can use it to inject <script> tags and other harmful content.
As demonstrated by this question, there are now about eight different alternative tags (with some non-standard).
In my case, I want to be able to insert actual html tags like <b> and <i>, and even <a>.
But I never need <script> to be inserted.
Is there a standardized best-practice alternative to innerHTML using vanilla Javascript?