files/en-us/web/api/htmlscriptelement/innertext/index.md
{{APIRef("HTML DOM")}}
[!WARNING] This property represents the text content of a script element, which may be executable depending on the script type. APIs like this are known as injection sinks, and are potentially a vector for cross-site scripting (XSS) attacks.
You can mitigate this risk by always assigning {{domxref("TrustedScript")}} objects instead of strings and enforcing trusted types. See Security considerations for more information.
The innerText property of the {{domxref("HTMLScriptElement")}} interface represents the text content of the {{HTMLElement("script")}} element.
It behaves in the same way as the {{domxref("HTMLScriptElement.textContent","textContent")}} and {{domxref("HTMLScriptElement.text","text")}} properties.
Getting the property returns a string containing the scripts's text.
Setting the property accepts either a {{domxref("TrustedScript")}} object or a string.
TypeError
The innerText property of the {{domxref("HTMLScriptElement")}} interface represents the text content inside the {{HTMLElement("script")}} element.
For an executable script (that is, a script whose {{domxref('HTMLScriptElement/type','type')}} indicates that it is a module or classic script), this text is inline executable code. For other types it might represent an import map, speculation rules, or some other kind of data block.
Note that if the {{domxref('HTMLScriptElement/src','src')}} property is set the content of the innerText property is ignored.
The innerText property is also defined on {{domxref("HTMLElement.innerText","HTMLElement")}} and can hence be used with other elements.
When used with other elements, the property does not expect or enforce the assignment of a {{domxref("TrustedScript")}}.
See security considerations in {{domxref("HTMLScriptElement.textContent")}} (the considerations are the same for text, textContent and innerText properties).
See the examples in {{domxref("HTMLScriptElement.textContent")}}.
{{Specifications}}
{{Compat}}