See if you can sneak some naughty HTML past
Parse as an HTML document rather than a fragment.
Remove the contents of non-allowlisted elements.
This demo doesn't log input. If you manage to sneak something naughty past Sanitize, please email me and tell me what you did so I can fix it.