The setHTML() method of the Element interface provides an XSS-safe method to parse and sanitize a string of HTML into a DocumentFragment, and then insert it into the DOM as a subtree of the element.

Lobsters is a community-driven platform for sharing and discussing links to articles, tutorials, and projects related to technology and programming. Readers can learn about a wide range of topics, from software development and system administration to cybersecurity and artificial intelligence. With user submissions, comments, and voting, Lobsters provides a platform for collaborative learning and knowledge sharing among technology enthusiasts.

Lobsters

The setHTML() method is an experimental Web API that provides XSS-safe HTML parsing and sanitization. It parses HTML strings, removes unsafe elements and attributes (like script tags and onclick handlers), and inserts the sanitized content into the DOM. The method accepts optional sanitizer configurations but always strips XSS-unsafe entities regardless of configuration. It's designed as a secure alternative to innerHTML for handling untrusted HTML content.

Element: setHTML() method - Web APIs

<p>Cool now we just need to wait for it to be in the browsers 😂 but seriously this will be useful.</p>
