For final use, should the API perhaps be something that accepts Element / HTMLElement and a string, to be compatible with a future HTML Sanitizer API? (And it would somehow internally keep track of a Sanitizer object.)
https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API For the Closure implementation, it would just set the Element's innerHTML / innerText to what you have, or perhaps use sanitizeToDomNode() or something, in case this is an issue (or just to avoid double-parsing): https://blog.deteact.com/google-closure-library-sanitizer-bypass/ On 12/11/2021 6:14 PM, Harbs wrote: > I added code for sanitizing, but it’s not working because the goog.html files > are not being copied. I don’t know what needs to be done to make that happen. > > Harbs