getHTML, setHTML, setHTMLUnsafe, declarative shadow DOM and sanitization

Anja Petry

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

New alternatives to innerHTML have been implemented in browsers. The setHTML function is a safe method that does not execute script, while setHTMLUnsafe is an unsafe method that poses a risk of XSS attacks. The Sanitizer API helps put the naming of setHTMLUnsafe in context. The setHTMLUnsafe function is useful for declarative shadow DOM. The getHTML function allows users to retrieve HTML content, with the ability to serialize shadow DOM.

New alternatives to innerHTML

<p>Once <code>setHtml</code> will land it will be so much easier and faster to send html over the wire with having to care about sanitization</p>


<p>Really good news, but we really had to wait for 2024 for this method?? 🤷</p>
