Updates to parseHTMLUnsafe(), parent topic, cross link

mdn · May 21, 2024 · 1ffd59f · 1ffd59f
1 parent a4c5ce2
commit 1ffd59f
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 5 deletions.
diff --git a/files/en-us/web/api/document/index.md b/files/en-us/web/api/document/index.md
@@ -303,6 +303,14 @@ The `Document` interface for HTML documents inherit from the {{DOMxRef("HTMLDocu
 - {{DOMxRef("Document.writeln()")}}
   - : Writes a line of text in a document.
 
+## Static methods
+
+_This interface also inherits from the {{DOMxRef("Node")}} and {{DOMxRef("EventTarget")}} interfaces._
+
+- {{domxref("Document/parseHTMLUnsafe_static", "Document.parseHTMLUnsafe()")}}
+  - : Creates a new `Document` object from a string of HTML without performing sanitization.
+    The string may contain declarative shadow roots.
+
 ## Events
 
 Listen to these events using `addEventListener()` or by assigning an event listener to the `oneventname` property of this interface. In addition to the events listed below, many events can bubble from {{domxref("Node", "nodes", "", "nocode")}} contained in the document tree.

diff --git a/files/en-us/web/api/document/parsehtmlunsafe_static/index.md b/files/en-us/web/api/document/parsehtmlunsafe_static/index.md
@@ -6,20 +6,26 @@ page-type: web-api-static-method
 browser-compat: api.Document.parseHTMLUnsafe_static
 ---
 
-{{APIRef("DOM")}}{{SeeCompatTable}}
+{{APIRef("DOM")}}
+
+The **`parseHTMLUnsafe()`** static method of the {{domxref("Document")}} object is used to parse a string of HTML, which may contain [declarative shadow roots](/en-US/docs/Web/HTML/Element/template#declarative_shadow_dom), in order to create a new {{domxref("Document")}} instance.
+
+The suffix "Unsafe" in the method name indicates that, while `<script>` elements are not evaluated during parsing, the method does not sanitize other potentially unsafe XSS-relevant input.
+
+The resulting `Document` will have a [content type](/en-US/docs/Web/API/Document/contentType) of "text/html", a [character set](/en-US/docs/Web/API/Document/characterSet) of UTF-8, and a URL of "about:blank"
+
 
-The **`Document.parseHTMLUnsafe()`** static method is used to parse a string of HTML to create a new {{domxref("Document")}} object.
 
 ## Syntax
 
 ```js-nolint
-const doc = Document.parseHTMLUnsafe(input)
+Document.parseHTMLUnsafe(input)
 ```
 
 ### Parameters
 
 - `input`
-  - : A string defining HTML to be parsed.
+  - : A string of HTML to be parsed.
 
 ### Return value
 
@@ -39,5 +45,5 @@ None.
 
 ## See also
 
-- Parsing HTML or XML into a DOM tree: {{domxref("DOMParser")}}
+- {{domxref("DOMParser.parseFromString()")}} for parsing HTML or XML into a DOM tree
 - {{domxref("Element.setHTMLUnsafe")}}
diff --git a/files/en-us/web/api/domparser/parsefromstring/index.md b/files/en-us/web/api/domparser/parsefromstring/index.md
@@ -10,6 +10,8 @@ browser-compat: api.DOMParser.parseFromString
 
 The **`parseFromString()`** method of the {{domxref("DOMParser")}} interface parses a string containing either HTML or XML, returning an {{domxref("HTMLDocument")}} or an {{domxref("XMLDocument")}}.
 
+> **Note:** The [`Document.parseHTMLUnsafe()`](/en-US/docs/Web/API/Document/parseHTMLUnsafe_static) static method provides an ergonomic alternative for parsing HTML strings into a {{domxref("Document")}}.
+
 ## Syntax
 
 ```js-nolint