For final use, should the API perhaps be something that accepts Element
/ HTMLElement and a string, to be compatible with a future HTML
Sanitizer API? (And it would somehow internally keep track of a
Sanitizer object.)
https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API
For the Closure implementation, it would just set the Element's
innerHTML / innerText to what you have, or perhaps use
sanitizeToDomNode() or something, in case this is an issue (or just to
avoid double-parsing):
https://blog.deteact.com/google-closure-library-sanitizer-bypass/
On 12/11/2021 6:14 PM, Harbs wrote:
> I added code for sanitizing, but it’s not working because the goog.html files
> are not being copied. I don’t know what needs to be done to make that happen.
>
> Harbs
