DOMPurify

The DOMParser.prototype.parseFromString function will return a Document:

const parser = new DOMParser();
const doc = parser.parseFromString('<img src=x onerror=alert(1)>', 'text/html');
console.log(doc.querySelectorAll("*")); // NodeList(4) [ html, head, body, img]

Assign .innerHTML (equal to <svg></p>whatever) with itself:

const el = document.createElement('div');
el.innerHTML = '<svg></p>whatever'; // "<svg></p>whatever"
el.innerHTML = el.innerHTML; // "<svg></svg><p></p>whatever"

Quartz 🪬

Explorer

DOMPurify

Resources