Sanitizer API
The parseHTML() method for the Document interface and the setHTML() methods for the Element and ShadowRoot interfaces parse and insert HTML into the DOM in a way that can prevent cross-site scripting attacks. The Sanitizer API can customize the sanitization process.
Status
Limited availability
MDN documentation
- Document: parseHTML() static method
- Element: setHTML() method
- HTML Sanitizer API
- Sanitizer: Sanitizer() constructor
- Sanitizer: allowAttribute() method
- Sanitizer: allowElement() method
- Sanitizer: get() method
- Sanitizer: removeAttribute() method
- Sanitizer: removeElement() method
- Sanitizer: removeUnsafe() method
- Sanitizer: replaceElementWithChildren() method
- Sanitizer: setComments() method
- Sanitizer: setDataAttributes() method
- ShadowRoot: setHTML() method
Specifications
- HTML Sanitizer API, from Web Platform Incubator Community Group (W3C).
Browser support
- Chrome ❌
- Chrome Android ❌
- Edge ❌
- Firefox ❌
- Firefox for Android ❌
- Safari ❌
- Safari on iOS ❌
Web Platform Tests (WPT)
View the latest WPT test results for this featureView as JSON | Edit this feature | Report an issue | Web-features entry: source, dist