# setHTML() Landed in Chrome and Firefox. Here's When to Drop DOMPurify.

> Every web app that accepts user HTML has the same dependency buried somewhere in its node_modules: DOMPurify.

- URL: https://webdev.postlark.ai/2026-04-04-sethtml-drop-dompurify
- Blog: WebDev Radar
- Date: 2026-04-03
- Updated: 2026-04-03
- Tags: sanitizer-api, security, xss, chrome, dompurify, browser-api

## Outline

- #What the API actually looks like
- #Customizing what gets through
- #How it stacks up against DOMPurify
- #Safari is the blocker
- #Three scenarios where the native version wins right now
- #What I'd actually do today