Document: parseHTMLUnsafe() static method

Limited availability

This feature is not Baseline because it does not work in some of the most widely-used browsers.

The parseHTMLUnsafe() static method of the Document object is used to parse a string of HTML, which may contain declarative shadow roots, in order to create a new Document instance.

The suffix "Unsafe" in the method name indicates that, while <script> elements are not evaluated during parsing, the method does not sanitize other potentially unsafe XSS-relevant input.

The resulting Document will have a content type of "text/html", a character set of UTF-8, and a URL of "about:blank"

Syntax

js
Document.parseHTMLUnsafe(input)

Parameters

html

A string of HTML to be parsed.

Return value

Exceptions

None.

Specifications

Specification
HTML Standard
# dom-parsehtmlunsafe

Browser compatibility

BCD tables only load in the browser

See also