you can insert any HTML tags including <script>;
you can not call any JS function (software/component does not have such functionality), and inserted script using innerHTML is not executed automatically.
Note that removeChild, will remove just inserted image, so your HTML code stays unaffected.
In process of testing one of our automation software I hit interesting Windows 7 bug. First I found it in our software, and right away tested this scenario on Windows 7, and bug was there.
The bug. Create folder on the Desktop.
New folder appears and cursor blinks allowing to change the name for the folder.
Place cursor at the end of folder name, and enter dot (.) character.
After pressing Enter key the folder disappears.
But do not worry, it will come back after reboot, or after refresh (F5 key).
Appears that this bug/behavior… that only Windows 7 is affected. Other Windows versions I tested does not have this bug, even Windows XP and upcoming Windows 8 behaves correctly (see screenshots at the end of the post).
A side note. By “correctly” in this case I mean, that folder does not disappear, however perhaps, there is another bug. The dot “.” character disappears in all Windows versions. This of course depends on interpretation, for example, I also tested this on Ubuntu 10, and Ubuntu (and probably most nixes) allows dot (.) at the end of filename.
Why this happens? Every filename consists of two parts: filename and extension. These two parts are separated by dot (.) character. Windows Shell hides this dot from you, and when you enter “filename.”, it thinks, that this must be a filename without extension, so it stores only filename. In theory you should be able to trick shell by adding more dots, like “filename…”, but Windows 7 Shell reduces them to no dot. Of course you can create file or folder with one or more dots at the end, but for this you will need a normal file manager, like Far Manager (which is open source). Also, keep in mind, that you will not be able to delete this file or folder from desktop using Windows Shell, you will need to switch to file manager again.
Note 1. Windows Server 2008 R2 is based on the same codebase, so it has the same bug.
Note 2. Operating Systems used in the test: