```html
<iframe id="webpage"></iframe><br/> <button onclick="sanitize()">Sanitize</button>
<script> function sanitize() { // Create a sanitizer object with the default config const sanitizer = new Sanitizer(); // Find the iframe node const iframe = document.getElementById('webpage'); // Sanitize the iframe's document node const sanitizedFrameNodes = sanitizer.sanitize(iframe.contentWindow.document); iframe.replaceChildren(sanitizeFrameNodes); } </script>```
The setHTML() method of the Element interface is used to parse and sanitize a string of HTML and then insert it into the DOM as a subtree of the element. It should be used instead of Element.innerHTML for inserting untrusted strings of HTML into an element.
```js const unsanitized_string = "abc <script>alert(1)<" + "/script> def"; // Unsanitized string of HTML const sanitizer1 = new Sanitizer(); // Default sanitizer;
// Get the Element with id "target" and set it with the sanitized string. document.getElementById("target").setHTML(unsanitized_string, {sanitizer: sanitizer1});
// Result (as a string): "abc def" ```