javascript – Why are scripts injected through innerHTML not executed whilst onerror and other on attributes on elements are? – Google XSS Challenge 2

SPOILER ALERT: Do not continue if you do not want to be spoiled.

I am currently doing the Google XSS Challenge Level 2.

I am injecting XSS code that is inserted into the document using element.innerHTML. I don’t understand why <script>alert("Foobar")</script> does not work but <img src="" onerror = "alert(1);"> works.

I have tried looking at the source code but I still don’t understand why. I am new to XSS, hence I would appreciate it if you would make reference to the source code when formulating your answers.