The parseHTMLUnsafe()
static method of the Document
object is used to parse a string of HTML, which may contain declarative shadow roots, in order to create a new Document
instance.
The suffix "Unsafe" in the method name indicates that, while <script>
elements are not evaluated during parsing, the method does not sanitize other potentially unsafe XSS-relevant input.
The resulting Document
will have a content type of "text/html", a character set of UTF-8, and a URL of "about:blank"