{"name":"jQuery.parseHTML","type":"method","title":"jQuery.parseHTML()","deprecated":null,"removed":null,"desc":"Parses a string into an array of DOM nodes.","categories":["utilities","version/1.8"],"entries":[{"return":"Array","signatures":{"added":"1.8","argument":[{"desc":"HTML string to be parsed","name":"data","type":"String"},{"desc":"Document element to serve as the context in which the HTML fragment will be created","name":"context","type":"Element","optional":"true","default":"document"},{"desc":"A Boolean indicating whether to include scripts passed in the HTML string","name":"keepScripts","type":"Boolean","optional":"true","default":"false"}]},"examples":{"desc":"Create an array of Dom nodes using an HTML string and insert it into a div.","html":"\n<div id=\"log\">\n  <h3>Content:</h3>\n</div>\n","code":"\nvar $log = $( \"#log\" ),\n  str = \"hello, <b>my name is</b> jQuery.\",\n  html = $.parseHTML( str ),\n  nodeNames = [];\n\n// Append the parsed HTML\n$log.append( html );\n\n// Gather the parsed HTML's node names\n$.each( html, function( i, el ) {\n  nodeNames[ i ] = \"<li>\" + el.nodeName + \"</li>\";\n});\n\n// Insert the node names\n$log.append( \"<h3>Node Names:</h3>\" );\n$( \"<ol></ol>\" )\n  .append( nodeNames.join( \"\" ) )\n  .appendTo( $log );\n"},"longdesc":"\n    <p><code>jQuery.parseHTML</code> uses a native DOM element creation function to convert the string to a set of DOM elements, which can then be inserted into the document.</p>\n    <p>By default, the <code>context</code> is the current <code>document</code> if not specified or given as <code>null</code> or <code>undefined</code>. If the HTML was to be used in another document such as an iframe, that frame's document could be used.</p>\n\t<h2>Security Considerations</h2>\n\t<p>Most jQuery APIs that accept HTML strings will run scripts that are included in the HTML. <code>jQuery.parseHTML</code> does not run script in the parsed HTML unless <code>keepScripts</code> is explicitly <code>true</code>. However, it is still possible in most environments to execute script indirectly, for example via the <code>&lt;img onerror&gt;</code> attribute. The caller should be aware of this and guard against it by cleaning or escaping any untrusted inputs from sources such as the URL or cookies. For future compatibility, callers should not depend on the ability to run <em>any</em> script content when <code>keepScripts</code> is unspecified or <code>false</code>.</p>\n  "}]}