setHTMLUnsafe method

void setHTMLUnsafe(
  1. JSAny html
)
inherited

The setHTMLUnsafe() method of the Element interface is used to parse a string of HTML into a DocumentFragment, which then replaces the element's subtree in the DOM. The input HTML may include declarative shadow roots.

The suffix "Unsafe" in the method name indicates that the method does not sanitize or remove potentially unsafe XSS-relevant input, such as <script> elements, and script or event handler content attributes.

If the string of HTML defines more than one declarative shadow root in a particular shadow host then only the first ShadowRoot is created — subsequent declarations are parsed as <template> elements within that shadow root.

Note: This method should be used instead of Element.innerHTML when a string of HTML may contain declarative shadow roots.

Implementation

external void setHTMLUnsafe(JSAny html);