I am trying to perform an XSS on my friend's websites, but they all use innerText instead of innerHTML.
Is there any way that I can bypass innerText and perform attacks like those that are possible with innerHTML?
innerHTML is dangerous, as with the Cross-Site Scripting you mentioned, because you can add JavaScript via your HTML, like:
<img src="https://placehold.co/600x400" onload="javascript:alert('hacked')" />
So it is safe to use innerText instead.
Therefore, there is no way to inject JS into innerText.
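
Added example, not part of the original answer: a small model of what the DOM holds after a string is assigned through innerText, using the payload from the answer above. The function names are hypothetical; the escaping follows the HTML serializer's rules for text nodes, and line breaks become `<br>` elements as the innerText setter specifies.

```javascript
// Escape a string the way the HTML serializer escapes a Text node,
// i.e. what you see when innerHTML is read back from text content.
function escapeTextNode(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/\u00a0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Model of: el.innerText = value; return el.innerHTML;
// The setter never runs the HTML parser. It creates Text nodes and
// turns each line break (\r\n, \r or \n) into a <br> element.
function markupAfterInnerText(value) {
  return value
    .split(/\r\n|\r|\n/)
    .map(escapeTextNode)
    .join("<br>");
}

// Constructed sample input: the payload quoted in the answer, plus a newline.
const payload =
  `<img src="https://placehold.co/600x400" onload="javascript:alert('hacked')" />`;
const sample = payload + "\nsecond line";

// The <img> arrives as literal characters, so no element and no
// onload handler is ever created; only the <br> is real markup.
console.log(markupAfterInnerText(sample));
```

To confirm this on a real page, assign the same string with `el.innerText = sample` in the browser console and read `el.innerHTML`.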