web-feature: Unsanitized HTML parsing methods

baseline logo Widely available

The Document.parseHTMLUnsafe() static method parses HTML into a DOM tree, while the setHTMLUnsafe() method of Element and ShadowRoot parses and inserts HTML into an existing tree. No sanitization applies to these methods, so never call them with user-provided HTML strings.

WKWebView

macOS

*

iOS

17.4

Android WebView

Android

124

WebView2

Windows

*

Chrome Browser

Android

124

Safari Browser

iOS

17.4

Notes

Support data provided by: BCD logo

Know something we don't?

Is any of the above data outdated? Or do you want to add a new WebView to the list? Heads on to GitHub and edit the data file!

Edit this page on GitHub Report an issue on GitHub

Not comfortable with GitHub? Send us an email.

Please help us keeping this data updated

This feature was last updated on July 09, 2024.