javascript - vulnerabilities of letting user define innerHTML


Let's say I have a <textarea> and a <div> element, and when the user puts HTML, CSS, or whatever they want into the textarea, their input is set as the innerHTML of the <div> element, using JavaScript.

What are the vulnerabilities of letting the user define the content of a <div> element?

If the content they enter does not leave the page, there is no more risk than them editing the DOM through Firebug or Chrome inspector. If you take their input and display it as is, that is a huge security risk when other users are on your website.
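The answer's second case (input that is stored and then shown to other users), as an added example that is not part of the original post: the same submitted string rendered as is and rendered escaped, with a check of which elements it adds to the page. The function names, the `comment` class and the sample input are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, constructed sample input.

// Characters that let text break out of an HTML text or quoted-attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Display as is": the stored input becomes markup in every visitor's page.
function renderAsIs(storedInput) {
  return `<div class="comment">${storedInput}</div>`;
}

// Escaped: the stored input is shown to other users as literal text.
function renderEscaped(storedInput) {
  return `<div class="comment">${escapeHtml(storedInput)}</div>`;
}

// Review/test helper: names of the elements the input added inside the wrapper div.
function injectedTags(html) {
  const inner = html.replace(/^<div class="comment">/, '').replace(/<\/div>$/, '');
  return [...inner.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)\b/g)].map((m) => m[1].toLowerCase());
}

// Constructed input, as one user might submit it through the textarea.
const submitted = '<b>hi</b><script>alert(1)</script>';

console.log(injectedTags(renderAsIs(submitted)));    // elements the input created
console.log(injectedTags(renderEscaped(submitted))); // nothing created, text only
console.log(renderEscaped(submitted));

// In the browser, the equivalent of renderEscaped for the page's <div> is
// assigning the input to div.textContent instead of div.innerHTML.
```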

