I want to traverse a DOM tree from a resultText string of document.documentElement.innerHTML using jQuery.

Code

console.log(request.data);
sourceDOM = $('<html>').html(request.data);

When line 1 runs, I can see the full source code including all scripts.

When line 2 runs, I get a few lines of Refused to load the script because it violates the following *Content Security Policy directive errors:

script-src ‘self’ ‘unsafe-eval’

When I examine the sourceDOM through the console, I only see the html and all the script tags have been removed.

How can I assign HTML to a JQuery variable that doesn’t then execute it?