https://docs.google.com/presentation/d/1eLmIZkY7auD8xT-Q6AzBKM_ASFHH8Z5fMyfeoSbSH-k/view#slide=id.g82761e80df_0_1948

Slides about the Sanitizer API. They cover why the Sanitizer API, which prevents DOM XSS, is not an API that returns a sanitized HTML string, and the setHTML API.

Related URLs

Sanitizer API creating mock context-element can cause XSS when used in different context · Issue #42 · WICG/sanitizer-api

1669945 - Sanitizer bypass if the sanitized markup is assigned to srcdoc