Document: parseHTMLUnsafe() static method
Limited availability
This feature is not Baseline because it does not work in some of the most widely-used browsers.
The parseHTMLUnsafe() static method of the Document object is used to parse a string of HTML, which may contain declarative shadow roots, in order to create a new Document instance.
The suffix "Unsafe" in the method name indicates that, while <script> elements are not evaluated during parsing, the method does not sanitize other potentially unsafe XSS-relevant input.
The resulting Document will have a content type of "text/html", a character set of UTF-8, and a URL of "about:blank"
Syntax
js
Document.parseHTMLUnsafe(input)
Parameters
html-
A string of HTML to be parsed.
Return value
A Document.
Exceptions
None.
Specifications
| Specification |
|---|
| HTML Standard # dom-parsehtmlunsafe |
Browser compatibility
BCD tables only load in the browser
See also
DOMParser.parseFromString()for parsing HTML or XML into a DOM treeElement.setHTMLUnsafe