How it works:
The unsafe section directly inserts your input as HTML (innerHTML), while the safe section treats it as plain text (textContent). Try entering: <script>alert('XSS')</script>, <img src=x onerror=alert('XSS')>, or <div onclick="alert('XSS')">Click me</div>