Hacker News

dec0dedab0de | last Wednesday at 9:42 PM | 1 reply

So is the use case for this that you save untrusted HTML from your user in your database, then send that untrusted HTML to your users, but in the front end parse it down to just the safe bits?

I think maybe a better API would be to add an unsafe HTML tag, so it would look something like:

    <unsafe>
    all unsafe code here
    </unsafe>
Then if the browsers do indeed support it, it would work even without javascript.

But in any case, you really should be validating everything server side.
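The flow described in the comment above (store the raw submission, reduce it to an allowlist before rendering, and run the same check on the server), as an added example that is not part of the original post and is not whatever browser feature the thread is discussing: a small allowlist sanitizer in plain JavaScript that runs identically in Node and in the browser. The tag and attribute allowlists, the `safeHref` policy and the sample input are this example's own choices (constructed, not from the page).

```javascript
// Added example, not code from the HN thread or from any browser API:
// a conservative allowlist HTML sanitizer in plain JavaScript. It runs the
// same in Node (server side) and in the browser. Output is built only from
// (a) text that is decoded then fully HTML-escaped and (b) tags rebuilt from
// allowlisted names and allowlisted, re-escaped attributes, so nothing from
// the input reaches the output as raw markup.

const ALLOWED_TAGS = new Map([            // assumed policy for the demo
  ["b", []], ["i", []], ["em", []], ["strong", []], ["p", []], ["br", []],
  ["ul", []], ["ol", []], ["li", []], ["a", ["href", "title"]],
]);
const VOID_TAGS = new Set(["br"]);
const NAMED_ENTITIES = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };
// Sticky: matches a tag only at lastIndex. Quoted values may contain '>'.
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/y;
const ATTR_RE = /([a-zA-Z][\w:-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Decode numeric references and the five basic named entities so that checks
// run on what the browser would see (e.g. &#106;avascript: -> javascript:).
function decodeEntities(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|([a-z]+));?/gi, (all, hex, dec, name) => {
    if (hex || dec) {
      const cp = parseInt(hex || dec, hex ? 16 : 10);
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : "\ufffd";
    }
    return NAMED_ENTITIES[name.toLowerCase()] ?? all;
  });
}

function escapeText(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
          .replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// href is the one allowed attribute whose value decides safety: keep absolute
// http(s)/mailto links, same-origin paths and fragments; reject every other
// scheme, protocol-relative "//host", and anything carrying control characters
// (e.g. "java\tscript:", which browsers normalise to "javascript:").
function safeHref(value) {
  const v = value.trim();
  if (/[\u0000-\u001f\u007f]/.test(v)) return null;
  if (/^(https?:\/\/|mailto:)/i.test(v)) return v;
  if (/^(\/(?!\/)|#)/.test(v)) return v;
  return null;
}

function buildAttrs(tag, rawAttrs) {
  const allowed = ALLOWED_TAGS.get(tag);
  let out = "", m;
  ATTR_RE.lastIndex = 0;
  while ((m = ATTR_RE.exec(rawAttrs)) !== null) {
    const name = m[1].toLowerCase();
    if (!allowed.includes(name)) continue;          // drops onclick, style, id, ...
    let value = decodeEntities(m[2] ?? m[3] ?? m[4] ?? "");
    if (name === "href") { value = safeHref(value); if (value === null) continue; }
    out += ` ${name}="${escapeText(value)}"`;
  }
  return out;
}

function sanitizeHtml(input) {
  let out = "", i = 0;
  const open = [];                                  // tags emitted and still unclosed
  while (i < input.length) {
    if (input[i] !== "<") {                         // text run up to the next '<'
      const next = input.indexOf("<", i);
      const end = next === -1 ? input.length : next;
      out += escapeText(decodeEntities(input.slice(i, end)));
      i = end;
      continue;
    }
    TAG_RE.lastIndex = i;
    const m = TAG_RE.exec(input);
    if (!m) { out += "&lt;"; i += 1; continue; }    // bare '<', comments, doctype, junk
    i += m[0].length;
    const isClose = m[1] === "/", name = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(name)) continue;          // drop the tag; its text content stays, escaped
    if (isClose) {
      const depth = open.lastIndexOf(name);
      if (depth === -1) continue;                   // stray close tag
      while (open.length > depth) out += `</${open.pop()}>`; // also closes mis-nested children
    } else if (VOID_TAGS.has(name)) {
      out += `<${name}>`;
    } else {
      out += `<${name}${buildAttrs(name, m[3])}>`;
      open.push(name);
    }
  }
  while (open.length) out += `</${open.pop()}>`;    // never emit unbalanced markup
  return out;
}

// Constructed sample input for the demo (not real user data).
const UNTRUSTED =
  '<p onclick="steal()">Hi <b>there</b><script>alert(1)</script>' +
  '<a href="javascript:alert(2)" title="x">bad</a> ' +
  '<a href="&#106;avascript:alert(3)">worse</a> ' +
  '<a href="https://example.com/?q=1&amp;r=2">ok</a>' +
  '<img src=x onerror=alert(4)> 1 &lt; 2 < 3 <!-- c --></p>';

console.log(sanitizeHtml(UNTRUSTED));
```

The design choice worth noting is that the sanitizer never copies input markup through: unknown tags, comments and stray `<` are dropped or escaped, attribute values are entity-decoded before the `href` check so that `&#106;avascript:` cannot slip past as "not starting with javascript", and the output is always balanced. The same function can be called on the server before the HTML is stored, which is the "validate everything server side" point, and again in the client before insertion.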


Replies

isaachinman | last Thursday at 2:59 AM

So... An iframe?