Sanitizer API
The parseHTML() method for the Document interface and the setHTML() methods for the Element and ShadowRoot interfaces parse and insert HTML into the DOM in a way that can prevent cross-site scripting attacks. The Sanitizer API can customize the sanitization process.
Status
Limited availability
MDN documentation
- Document: parseHTML() static method
- Element: setHTML() method
- Sanitizer
- Sanitizer: Sanitizer() constructor
- Sanitizer: allowAttribute() method
- Sanitizer: allowElement() method
- Sanitizer: get() method
- Sanitizer: removeAttribute() method
- Sanitizer: removeElement() method
- Sanitizer: removeUnsafe() method
- Sanitizer: replaceElementWithChildren() method
- Sanitizer: setComments() method
- Sanitizer: setDataAttributes() method
- ShadowRoot: setHTML() method
Specifications
- HTML Sanitizer API, from Web Platform Incubator Community Group (W3C).
Browser support
- Chrome ❌
- Chrome Android ❌
- Edge ❌
- Firefox ❌
- Firefox for Android ❌
- Safari ❌
- Safari on iOS ❌