I have unescaped data from users. So is it safe to use like this: var data = '<test>a&f"#</test>'; // example data from ajax response if (typeof(data) === 'string') $('body').text(data); Can I use like this or there is some problems like encoding or some specific symbols that I should be careful and add more strict validation?