Since July 2024, this feature works across the latest devices and browser versions. This feature might not work in older devices or browsers.
The parseHTMLUnsafe() static method of the Document object is used to parse a string of HTML, which may contain declarative shadow roots, in order to create a new Document instance.
The suffix "Unsafe" in the method name indicates that, while <script> elements are not evaluated during parsing, the method does not sanitize other potentially unsafe XSS-relevant input.
The resulting Document will have a content type of "text/html", a character set of UTF-8, and a URL of "about:blank"
Document.parseHTMLUnsafe(input)
htmlA string of HTML to be parsed.
A Document.
None.
| Specification |
|---|
| HTML Standard # dom-parsehtmlunsafe |
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Opera | Safari | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | WebView Android | ||
parseHTMLUnsafe_static |
124 | 124 | 128 | 110 | 17.4 | 124 | 128 | 82 | 17.4 | No | 124 | |
DOMParser.parseFromString() for parsing HTML or XML into a DOM treeElement.setHTMLUnsafe
© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Document/parseHTMLUnsafe_static