Web features explorer

Sanitizer API

Limited availability

The Document.parseHTML() static method and the setHTML() method of Element and ShadowRoot objects parse and insert HTML into the DOM in a way that can prevent cross-site scripting attacks. The Sanitizer API can customize the sanitization process.

Browser support

  • Chrome Not supported Bugs: 40138584 1428276 1101982
  • Chrome Android Not supported
  • Edge Not supported
  • Firefox 148 Released on 2026-02-24
  • Firefox for Android 148 Released on 2026-02-24
  • Safari Not supported
  • Safari on iOS Not supported

Need this feature?
Leave a 👍 on the feedback issue
Don't forget to also leave a comment explaining your specific use case.

MDN documentation

Specifications