diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
index f959de6c0b5e..67b4ed5838d1 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
@@ -58,6 +58,8 @@ class DomMethodCallNode extends DataFlow::MethodCallNode {
 name = "createElement" and argPos = 0
 or
 name = "appendChild" and argPos = 0
+ or
+ name = "setHTMLUnsafe" and argPos = 0
 )
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
index b5c0be71f452..f25029640009 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
@@ -196,6 +196,11 @@ module DomBasedXss {
 ccf.getMethodName() = "createContextualFragment" and
 this = ccf.getArgument(0)
 )
+ or
+ exists(DataFlow::GlobalVarRefNode doc |
+ doc.getName() = "Document" and
+ this = doc.getAMethodCall("parseHTMLUnsafe").getArgument(0)
+ )
 }
 }
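Review bot: The new `setHTMLUnsafe` disjunct only fires for calls that already qualify as a `DomMethodCallNode`, and that class's characteristic predicate lies outside this hunk, so it should be confirmed that a `ShadowRoot` receiver (for example the value returned by `attachShadow`) is recognised there. `setHTMLUnsafe` is defined on both `Element` and `ShadowRoot`, and a shadow-root call would otherwise go unreported. A short comment on the added line, such as `// Element/ShadowRoot.setHTMLUnsafe(html): parses without sanitization`, would also distinguish it from the sanitizing `setHTML`. The diff as shown carries no test case for this sink; one positive case per receiver type would pin the behaviour.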
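Review bot: The `parseHTMLUnsafe` sink appears to match only a bare `Document` identifier, because `DataFlow::GlobalVarRefNode` models a direct reference to the global; a call spelled `window.Document.parseHTMLUnsafe(x)` would presumably not be flagged. `DataFlow::globalVarRef` also covers access through `window`, so the disjunct can shrink to `this = DataFlow::globalVarRef("Document").getAMethodCall("parseHTMLUnsafe").getArgument(0)` without the `exists`. The enclosing class and its doc comment start outside the hunk; if that comment lists the sink kinds, it should mention the static `Document.parseHTMLUnsafe` call as well.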