Element: setAttributeNS() method

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.

Warning: This method can take attribute values that are parsed as HTML, a script, or as a script URL, depending on the attribute. APIs like this are known as injection sinks, and are potentially a vector for cross-site scripting (XSS) attacks, if the value originally came from an attacker.

You can mitigate this risk by always passing the appropriate trusted type object (TrustedHTML, TrustedScript, or TrustedScriptURL) instead of strings for those attributes that require them, and enforcing trusted types. See Security considerations in Element.setAttribute() for more information.

The setAttributeNS() method of the Element interface adds a new attribute or changes the value of an attribute with the given namespace and name.

If you are working with HTML documents and you don't need to specify the requested attribute as being part of a specific namespace, use the setAttribute() method instead.

Syntax

setAttributeNS(namespaceURI, qualifiedName, value)

Parameters

namespaceURI

A string specifying the namespace of the attribute to set, or the empty string.

qualifiedName

A string identifying the attribute by its qualified name, which has the format prefix:localName or localName, where the parts are defined as:

prefix: A "short alias" for the namespace. The prefix is optional, but if it is specified the namespaceURI parameter must also be specified. If the prefix is set to xml or xmlns, the namespaceURI must be set to http://www.w3.org/XML/1998/namespace or http://www.w3.org/2000/xmlns/, respectively.
localName:: The local name of the attribute.

value

A trusted type or string containing the value to assign to the attribute.

Trusted type instances must be passed for the following attributes when trusted types are enforced:

Event handler content attributes, such as onclick and onload, require a TrustedScript.
HTMLIFrameElement.srcdoc require a TrustedHTML instance.
HTMLScriptElement.src require a TrustedScriptURL instance.
SVGScriptElement.href require a TrustedScriptURL instance.

Trusted types are not enforced for other attributes, so a string or any trusted type may be passed.

Return value

None (undefined).

Exceptions

NamespaceError DOMException

Thrown if the namespaceURI value is:

not a valid namespace URI
set to the empty string when prefix has a value
not the value http://www.w3.org/XML/1998/namespace or http://www.w3.org/2000/xmlns/ when prefix is set to xml or xmlns, respectively.

InvalidCharacterError DOMException

Thrown if either the prefix or localName is not valid:

The prefix must have at least one character, and cannot contain ASCII whitespace, NULL, / , or > (U+0000, U+002F, or U+003E, respectively).
The localName must have at least 1 character, and may not contain ASCII whitespace, NULL, / , = or > (U+0000, U+002F, U+003D or U+003E, respectively).

Note: Earlier versions of the specification were more restrictive, requiring that the qualifiedName be a valid XML name.

TypeError

Thrown if value is passed a string instead of a trusted type object (for those attributes that require them) when Trusted Types are enforced by a CSP and no default policy is defined.

Examples

Basic usage

let d = document.getElementById("d1");
d.setAttributeNS(
  "http://www.mozilla.org/ns/specialspace",
  "spec:align",
  "center",
);

Trusted types

The Setting unsafe attributes example in setAttribute() shows how you might use setAttributeNS() with the trusted types.

Specifications

Specification
DOM # ref-for-dom-element-setattributens①

Browser compatibility

Help improve MDN

Learn how to contribute

This page was last modified on Jan 1, 1970 by MDN contributors.

View this page on GitHub • Report a problem with this content