Document: parseHTMLUnsafe() static method
Baseline 2024Newly available
Since July 2024, this feature works across the latest devices and browser versions. This feature might not work in older devices or browsers.
The parseHTMLUnsafe()
static method of the Document
object is used to parse a string of HTML, which may contain declarative shadow roots, in order to create a new Document
instance.
The suffix "Unsafe" in the method name indicates that, while <script>
elements are not evaluated during parsing, the method does not sanitize other potentially unsafe XSS-relevant input.
The resulting Document
will have a content type of "text/html", a character set of UTF-8, and a URL of "about:blank"
Syntax
Document.parseHTMLUnsafe(input)
Parameters
html
-
A string of HTML to be parsed.
Return value
A Document
.
Exceptions
None.
Specifications
Specification |
---|
HTML # dom-parsehtmlunsafe |
Browser compatibility
Report problems with this compatibility data on GitHubdesktop | mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
parseHTMLUnsafe() static method |
Legend
Tip: you can click/tap on a cell for more information.
- Full support
- Full support
- Partial support
- Partial support
- No support
- No support
- Has more compatibility info.
See also
DOMParser.parseFromString()
for parsing HTML or XML into a DOM treeElement.setHTMLUnsafe