web-feature: Sanitizer API

The Document.parseHTML() static method and the setHTML() method of Element and ShadowRoot objects parse and insert HTML into the DOM in a way that can prevent cross-site scripting attacks. The Sanitizer API can customize the sanitization process.

WKWebView

macOS

*

iOS

*

Android WebView

Android

*

WebView2

Windows

*

Chrome Browser

Android

*

Safari Browser

iOS

*

Notes

Support data provided by: BCD logo

Know something we don't?

Is any of the above data outdated? Or do you want to add a new WebView to the list? Heads on to GitHub and edit the data file!

Edit this page on GitHub Report an issue on GitHub

Not comfortable with GitHub? Send us an email.

Please help us keeping this data updated

This feature was last updated on November 10, 2025.