Sanitizer API
The Document.parseHTML() static method and the setHTML() method of Element and ShadowRoot objects parse and insert HTML into the DOM in a way that can prevent cross-site scripting attacks. The Sanitizer API can customize the sanitization process.
Status
Limited availability
MDN documentation
Specifications
- HTML (#html-sanitization), from HTML Workstream (WHATWG).
Browser support
- Chrome ❌ See issues.chromium.org/issues/40138584 crbug.com/1428276 crbug.com/1101982
- Chrome Android ❌
- Edge ❌
- Firefox 148 Released on 2026-02-24
- Firefox for Android 148 Released on 2026-02-24
- Safari ❌
- Safari on iOS ❌
Web Platform Tests (WPT)
View the latest WPT test results for this featureDeveloper votes
Do you need this feature?
Let us know by leaving a 👍 reaction on the feedback issue. Don't forget to also leave a comment explaining your specific use case.
View as JSON | Edit this feature | Report an issue | Web-features entry: source, dist