The downside of a new method is that it leaves innerHTML as a source of future security issues.
I feel like calling this a downside implies there's an alternative, but there's no way that `innerHTML`'s behavior could be changed. There are a lot of valid reasons for arbitrary HTML to be set, and changing that would break so many things.
You can disable it for your site using a Trusted Types Content Security Policy.
Combine it with enforced Trusted Types:
https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Typ...
Yes, one could simply make a setter for innerHTML which calls setHTML(). No code changes needed.
Yes, but you can also easily lint on it: all uses of `context.innerHTML` are now suspect and should get a suggestion to use `context.setHTML` instead.
With `const clean = DOMPurify.sanitize(input); context.innerHTML = clean;` your linter suddenly needs to do complex code analysis and keep track of whether each variable passed to `context.innerHTML` is clean or tainted.
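
The syntactic check described in the comments above, as an added example that is not part of the original thread: it flags every write to `innerHTML` without tracking whether the value was sanitized. The names `lintInnerHTML`, `stripComments` and `SAMPLE` are hypothetical, the sample input is constructed, and the matching is regex-based rather than a real parser.

```javascript
// Added example: purely syntactic lint for writes to innerHTML.
// Matches el.innerHTML = x, el.innerHTML += x and el['innerHTML'] = x,
// but not reads or ==/=== comparisons.
const SINK_WRITE =
  /(?:\.\s*innerHTML|\[\s*(['"`])innerHTML\1\s*\])\s*(?:\+|\?\?|\|\||&&)?=(?!=)/;

// Drop // and /* */ comments so commented-out code is not reported.
// Simplification: not string-aware, so "//" inside a string literal
// truncates the rest of that line.
function stripComments(line, state) {
  let out = '';
  let i = 0;
  while (i < line.length) {
    if (state.inBlock) {
      const end = line.indexOf('*/', i);
      if (end === -1) return out;
      state.inBlock = false;
      i = end + 2;
    } else if (line.startsWith('//', i)) {
      return out;
    } else if (line.startsWith('/*', i)) {
      state.inBlock = true;
      i += 2;
    } else {
      out += line[i++];
    }
  }
  return out;
}

// Returns one finding per line that writes to innerHTML.
function lintInnerHTML(source) {
  const state = { inBlock: false };
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    if (SINK_WRITE.test(stripComments(text, state))) {
      findings.push({ line: idx + 1, code: text.trim(),
        message: 'innerHTML write: use setHTML() instead' });
    }
  });
  return findings;
}

// Constructed sample input: line 2 is flagged even though `clean` was sanitized.
const SAMPLE = ["const clean = DOMPurify.sanitize(input);", "context.innerHTML = clean;",
  "context.setHTML(input);", "if (context.innerHTML === '') return;",
  "// context.innerHTML = old;", "panel['innerHTML'] += userBio;"].join('\n');
console.log(lintInnerHTML(SAMPLE));
```

The sanitized assignment on line 2 is reported along with the unsanitized one on line 6, because the check looks only at the sink and not at where the value came from.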