Web platform features explorer - Unsanitized HTML parsing methods

Web platform features explorer

The Document.parseHTMLUnsafe() static method parses HTML into a DOM tree, while the setHTMLUnsafe() method of Element and ShadowRoot parses and inserts HTML into an existing tree. No sanitization applies to these methods, so never call them with user-provided HTML strings.

Status

Limited availability

MDN documentation

Document: parseHTMLUnsafe() static method

Specifications

HTML (#unsafe-html-parsing-methods), from HTML Workstream (WHATWG).

Browser support

Chrome 124 Released on 2024-04-16
Chrome Android 124 Released on 2024-04-16
Edge 124 Released on 2024-04-18
Firefox 128 Released on 2024-07-09
Firefox for Android 128 Released on 2024-07-09
Safari ❌
Safari on iOS ❌

Baseline availability blocked since July 2024 by Safari (13 months)

Developer signals

State of HTML 2024: features/all_features question
State of HTML 2024: content/content_features question

Usage (according to Chrome Platform Status)

~0.011% of page loads. More data at chromestatus.

Web Platform Tests (WPT)

View the latest WPT test results for this feature

View as JSON | Edit this feature | Report an issue | Web-features entry: source, dist