
I get a string from an API request. This string contains HTML and JavaScript. Is it possible to embed and execute it? XSS can be ignored. The code below doesn't work.

<html>
<head></head>
<body>
<p id='myid'></p>
</body>
<script>
const p = document.getElementById("myid");
const stringfromapi=String.raw("<b style='background-color=black'>11111</b><script>alert(1)</script>");
p.innerHTML +=stringfromapi; 
</script>
</html>

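Per the HTML specification, `<script>` elements inserted through `innerHTML` are parsed but not executed. One contained way to run markup and script from an API string is to load it into a sandboxed iframe via `srcdoc`; the following is an added example, not part of the original post, and `renderUntrusted`, `SAMPLE` and the token list are assumed names and values.

```javascript
// Added example: run HTML+JS from an API string inside a sandboxed iframe.
// renderUntrusted and SAMPLE are hypothetical names, not from the original post.

// Constructed sample standing in for the API response. Inside an inline
// <script>, a literal "</script>" in a string ends the script block early,
// so it is written "<\/script>" (same string value in JavaScript).
const SAMPLE =
  "<b style='background-color:black;color:white'>11111</b>" +
  "<script>alert(1)<\/script>";

/**
 * Appends an iframe to `container` and loads `html` into it.
 * With "allow-scripts" but without "allow-same-origin" the frame gets an
 * opaque origin: its scripts run, but cannot reach the embedding page's
 * DOM, cookies or storage.
 */
function renderUntrusted(container, html, tokens = ["allow-scripts"],
                         doc = globalThis.document) {
  if (typeof html !== "string") {
    throw new TypeError("html must be a string");
  }
  // allow-scripts + allow-same-origin on srcdoc content would give the
  // untrusted script the parent's origin, so refuse that combination.
  if (tokens.includes("allow-same-origin")) {
    throw new Error("allow-same-origin defeats the sandbox for untrusted HTML");
  }
  const frame = doc.createElement("iframe");
  // Set the sandbox before the content so it applies to the first load.
  frame.setAttribute("sandbox", tokens.join(" "));
  frame.srcdoc = html; // parsed as a document, so <script> runs in the frame
  container.appendChild(frame);
  return frame;
}

// Browser usage (skipped when no DOM exists, e.g. under Node).
// alert() inside a sandboxed frame additionally needs "allow-modals".
if (typeof document !== "undefined") {
  renderUntrusted(document.getElementById("myid"), SAMPLE,
                  ["allow-scripts", "allow-modals"]);
}
```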