Unsanitized HTML parsing methods
Limited availability
The Document.parseHTMLUnsafe()
static method parses HTML into a DOM tree, while the setHTMLUnsafe()
method of Element
and ShadowRoot
parses and inserts HTML into an existing tree. No sanitization applies to these methods, so never call them with user-provided HTML strings.
Compatibility
- Chrome 124 Released on 2024-04-16
- Chrome Android 124 Released on 2024-04-16
- Edge 124 Released on 2024-04-18
- Firefox ❌ Search for bugs Search for standards position
- Firefox for Android ❌ Search for bugs Search for standards position
- Safari 17.4 Released on 2024-03-05
- Safari on iOS 17.4 Released on 2024-03-05