The proper way to append text (constrast with appending HTML) would be:
var someText = "Hello, World!";
$('#msg').append(document.createTextNode(someText));
If someText is coming from user input or anything else, it will be properly HTML-escaped. Which should prevent JavaScript injection, the 3rd most common web security vulnerability in the world.
From https://stackoverflow.com/a/944456/122441