Note querySelector returns the first match or null. querySelectorAll returns a static NodeList (does not auto-update). Use Array.from() if you need full array methods.
querySelectorselect elementget elementfind DOM elementCSS selector
Note append() accepts multiple nodes and strings. appendChild() only accepts one node. Prefer textContent over innerHTML to prevent XSS when inserting user-provided text.
create elementadd elementappendChildinsert DOMbuild DOM
Note The third argument can be a boolean (useCapture) or an options object { capture, once, passive, signal }. Use { once: true } for one-shot handlers.
Note Attach one listener to a parent instead of many on children. Works for dynamically added elements too. Use closest() to find the nearest matching ancestor.
event delegationdelegate eventsparent listenerdynamic elements eventsclosest
const output = document.querySelector("#output");
// textContent: safe, treats everything as text
output.textContent = "<b>Hello</b>"; // shows literal "<b>Hello</b>"// innerHTML: parses HTML (XSS risk with user input!)
output.innerHTML = "<b>Hello</b>"; // shows bold Hello// Safe alternative for HTMLconst tmpl = document.createElement("template");
tmpl.innerHTML = "<b>Hello</b>";
output.append(tmpl.content.cloneNode(true));
Note NEVER use innerHTML with unsanitized user input -- it is the #1 source of XSS vulnerabilities. Use textContent for plain text and createElement for dynamic HTML.
innerHTMLtextContentXSS preventionset HTMLinsert text