Summary: The Sanitizer API provides new methods for HTML manipulation. As an example, element.setHTML() allows developers to insert HTML like element.innerHTML but without the security risks (like XSS). We have a pretty much finished implementation that we want to enable in Nightly soon.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1650370
Specification: https://github.com/WICG/sanitizer-api
Standards Body: WHATWG/HTML stage 2 (https://github.com/whatwg/html/issues/7197)
Platform coverage: all
Preference: dom.security.sanitizer.enabled
DevTools bug: n/a
Link to standards-positions discussion: https://github.com/mozilla/standards-positions/issues/106
Other browsers:
Blink: Previously shipped (and unshipped) an older version. Ongoing work on an updated version.
WebKit: positive (https://github.com/WebKit/standards-positions/issues/86)
web-platform-tests: https://wpt.fyi/results/sanitizer-api
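
Because the API is gated behind a preference and not yet available in every browser, callers need to feature-detect element.setHTML() before relying on it. The following is an added example, not part of the original post or of Firefox's code; insertUntrustedHTML, fakeElement and the sample input are hypothetical names constructed for illustration.

```javascript
// Insert untrusted markup using the Sanitizer API when the browser has it.
// Returns the name of the path taken so callers can log or measure coverage.
function insertUntrustedHTML(element, html) {
  if (typeof element.setHTML === "function") {
    // Sanitizer API available: the browser parses and sanitizes the markup.
    element.setHTML(html);
    return "setHTML";
  }
  // No Sanitizer API: never fall back to innerHTML for untrusted input.
  // textContent shows the markup as inert text instead of parsing it.
  element.textContent = html;
  return "textContent";
}

// Constructed stand-in for a DOM element so the helper can be exercised
// outside a browser. It records every call that would parse HTML.
function fakeElement(withSetHTML) {
  const calls = [];
  const el = {
    calls,
    textContent: "",
    set innerHTML(value) { calls.push(["innerHTML", value]); },
  };
  if (withSetHTML) {
    el.setHTML = (value) => { calls.push(["setHTML", value]); };
  }
  return el;
}

// Constructed sample input: markup carrying an inline event handler.
const UNTRUSTED = '<b onclick="alert(1)">hello</b>';
```

In a page, pass a real element, for example insertUntrustedHTML(document.querySelector("#comment"), userSuppliedMarkup).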