Translations:DOM-based XSS/13/en

This is generally good practice, but remember that users are allowed to make elements with arbitrary data attributes too, so any information taken from a data attribute (e.g. using jQuery's $1) should be treated as untrusted input and validated.