Element: setHTMLUnsafe() method

Baseline 2024
Newly available

Since July 2024, this feature works across the latest devices and browser versions. This feature might not work in older devices or browsers.

The setHTMLUnsafe() method of the Element interface is used to parse a string of HTML into a DocumentFragment, which then replaces the element's subtree in the DOM. The input HTML may include declarative shadow roots.

The suffix "Unsafe" in the method name indicates that the method does not sanitize or remove potentially unsafe XSS-relevant input, such as <script> elements, and script or event handler content attributes.

If the string of HTML defines more than one declarative shadow root in a particular shadow host then only the first ShadowRoot is created — subsequent declarations are parsed as <template> elements within that shadow root.

Note: This method should be used instead of Element.innerHTML when a string of HTML may contain declarative shadow roots.

Syntax

js
setHTMLUnsafe(html)

Parameters

html

A string defining HTML to be parsed.

Return value

None (undefined).

Exceptions

None.

Examples

The code below demonstrates how to parse a string of HTML and insert it into the Element with an id of target.

js
const value = "<p>This is a string of text</p>"; // string of HTML

// Get the Element with id "target" and set it with the string.
document.getElementById("target").setHTMLUnsafe(value);

// Result (as a string): "<p>This is a string of text</p>"
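
The following is an added example, not part of the original page: because setHTMLUnsafe() does not sanitize its input, any untrusted value placed into the HTML string has to be escaped before the call. The helpers escapeHtml, safeHtml and renderProfileCard, and the sample display name, are hypothetical and constructed for illustration; "target" is the element id from the example above.

```javascript
// Added example: escape untrusted values before they reach setHTMLUnsafe(),
// which parses whatever markup it is given.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape a value for use in element text or inside a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template (hypothetical helper): the literal parts are trusted,
// developer-written markup; every interpolated value is escaped.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// Markup with a declarative shadow root, the case where setHTMLUnsafe()
// is used instead of innerHTML.
function renderProfileCard(displayName) {
  return safeHtml`<div class="card"><template shadowrootmode="open"><p title="${displayName}">Hello, ${displayName}</p></template></div>`;
}

// Constructed sample input: a display name carrying an event handler attribute.
const untrustedName = `"><img src=x onerror=alert(1)>`;
const markup = renderProfileCard(untrustedName);

// Only runs in a browser that implements the method.
if (typeof document !== "undefined") {
  const target = document.getElementById("target");
  if (target && typeof target.setHTMLUnsafe === "function") {
    target.setHTMLUnsafe(markup); // the name is rendered as text, not parsed as an element
  }
}
```

Escaping of this kind covers element text and quoted attribute values only; it does not make URL-valued attributes, unquoted attributes, or script and style contents safe for untrusted data.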

Specifications

Specification: HTML, # dom-element-sethtmlunsafe

See also