Tested with Chrome, Firefox and Safari.
The following code will not trigger an alert.
target.innerHTML = "<script> alert('XSS Attack'); </script>";
The following code will trigger an alert.
target.innerHTML = "<img src=x onerror=\"alert('XSS Attack')\" >";
Good note!