Open lukewarlow opened 4 weeks ago
Just to note the unsafe naming is there because in future we'll get a "safe" version (called parseHTML
that has a built in sanitiser and all that nice stuff), so parseHTMLUnsafe is no less safe than parseFromString.
@lukewarlow @Telroshan I have published a polyfill for the final version of this proposal, which has been used for VDOM/JSX to HTML generation: EasyWebApp/DOM-Renderer#5
Currently HTMX is using
new DOMParser().parseFromString()
for parsing the HTML responses. This is fine enough for most use cases and makes sense given the browser support is better.However, one big limitation of this is it doesn't support Declarative Shadow DOM. For this there's a newer
Document.parseHTMLUnsafe()
function.Would it make sense to provide a mechanism to use the newer function?