See if you can sneak some naughty HTML past Sanitize.
Sanitize config: default restricted basic relaxed
Parse as an HTML document rather than a fragment. Remove the contents of non-allowlisted elements.
This demo doesn't log input. If you manage to sneak something naughty past Sanitize, please email me and tell me what you did so I can fix it.
Sanitize 6.1.0