setHTMLUnsafe method
The setHTMLUnsafe() method of the Element interface is used to parse a string of HTML into a DocumentFragment, which then replaces the element's subtree in the DOM.
The input HTML may include declarative shadow roots.
The suffix "Unsafe" in the method name indicates that the method does not sanitize or remove potentially unsafe XSS-relevant input, such as <script> elements, and script or event handler content attributes.
If the string of HTML defines more than one declarative shadow root in a particular shadow host then only the first ShadowRoot is created; subsequent declarations are parsed as <template> elements within that shadow root.
Note: This method should be used instead of Element.innerHTML when a string of HTML may contain declarative shadow roots.
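Because setHTMLUnsafe() performs no sanitization, any untrusted value has to be escaped before it is placed into the markup string. The following is an added example in JavaScript, not part of the original page or of the package it documents; the names escapeHtml, safeHtml, buildCardMarkup and renderCard, and the sample input, are assumptions made for illustration.

```javascript
// Added example: all function names here are hypothetical helpers.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for use as element text or inside a quoted attribute value.
// This is NOT sufficient inside <script>, <style>, or URL-valued attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are developer-written markup and are
// kept as-is; every interpolated value is treated as untrusted and escaped.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, literal, i) => out + literal + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Markup with one declarative shadow root. The <template shadowrootmode>
// element comes from the trusted literal; the user data cannot add another.
function buildCardMarkup(displayName, bio) {
  return safeHtml`<div class="card" title="${displayName}"><template shadowrootmode="open"><h2>${displayName}</h2><p>${bio}</p></template></div>`;
}

// Replace the host's subtree. There is no fallback to innerHTML, which the
// note above says should not be used when declarative shadow roots may occur.
function renderCard(host, displayName, bio) {
  if (typeof host.setHTMLUnsafe !== 'function') {
    throw new Error('setHTMLUnsafe() is not supported by this element');
  }
  host.setHTMLUnsafe(buildCardMarkup(displayName, bio));
}

// Constructed sample input carrying an event handler content attribute.
const SAMPLE_BIO = '<b onclick="track()">hi</b>';

// In a browser (element id is an assumption):
// renderCard(document.getElementById('profile'), 'Ann & "Bob"', SAMPLE_BIO);
```

With the sample input, the `<b onclick=...>` string reaches the parser as inert text inside the shadow root's paragraph rather than as an element with a handler.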
Implementation
external void setHTMLUnsafe(JSAny html);