DOMPurify and Trusted Types - Clarification to Docs #939
Description
This issue proposes an improvement to the README which clarifies how to use `DOMPurify.sanitize` along with `trustedTypes.createPolicy`, specifically when using TypeScript.
Background & Context
I am trying to create a `trustedTypes` policy and to use `DOMPurify.sanitize` in the `createHTML`. I am trying to do this in TypeScript without resorting to `any`.
I have read the docs here: https://github.com/cure53/DOMPurify?tab=readme-ov-file#what-about-dompurify-and-trusted-types and looked at other usage in GitHub and am confused.
Bug
This does not work (i.e. TS won't compile due to type issues):

```ts
window.trustedTypes!.createPolicy('default', {
  createHTML: (to_escape) =>
    DOMPurify.sanitize(to_escape, { RETURN_TRUSTED_TYPE: true }),
});
```

whereas both of these work:

```ts
window.trustedTypes!.createPolicy('default', {
  createHTML: (to_escape) =>
    DOMPurify.sanitize(to_escape, { RETURN_TRUSTED_TYPE: false }),
});
```

and

```ts
window.trustedTypes!.createPolicy('default', {
  createHTML: (to_escape) =>
    DOMPurify.sanitize(to_escape, { RETURN_TRUSTED_TYPE: true }).toString(),
});
```

Should I just use one of those two options or is there a way to get this to work with `RETURN_TRUSTED_TYPE: true` without having to resort to `toString` or `any`?
Feature
I suggest providing a more complete example in the docs of the correct usage.
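
Added example, not part of the issue and not DOMPurify's or the README's code: the Trusted Types specification defines the `createHTML` callback as returning a string, which the policy then wraps in `TrustedHTML`, so a typed helper can require a string-returning sanitizer. The interfaces, `createSanitizingPolicy`, `demoSanitize` and `demoFactory` are hypothetical names and stand-ins so the block runs outside a browser.

```typescript
// Structural stand-ins (assumptions) for the browser's Trusted Types
// interfaces, so this file type-checks and runs outside a browser.
interface TrustedHTMLLike { toString(): string; }
interface PolicyRules {
  // The callback returns a plain string; the policy wraps it.
  createHTML: (input: string) => string;
}
interface HtmlPolicy { createHTML(input: string): TrustedHTMLLike; }
interface PolicyFactoryLike {
  createPolicy(name: string, rules: PolicyRules): HtmlPolicy;
}
type StringSanitizer = (dirty: string) => string;

// Hypothetical helper: every createHTML call goes through `sanitize`.
function createSanitizingPolicy(
  factory: PolicyFactoryLike | undefined,
  sanitize: StringSanitizer,
  name: string = 'default',
): HtmlPolicy {
  const rules: PolicyRules = { createHTML: (input) => sanitize(input) };
  if (factory === undefined) {
    // No Trusted Types support: still sanitize, return the string itself.
    return { createHTML: (input) => rules.createHTML(input) };
  }
  return factory.createPolicy(name, rules);
}

// Constructed stand-ins for an offline run. In a browser, `factory` would be
// window.trustedTypes and `sanitize` the issue's RETURN_TRUSTED_TYPE: false call.
const demoSanitize: StringSanitizer = (dirty) =>
  dirty.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
const demoFactory: PolicyFactoryLike = {
  createPolicy: (_name, rules) => ({
    createHTML: (input) => {
      const html = rules.createHTML(input);
      return { toString: () => html };
    },
  }),
};

function demo(): string {
  const policy = createSanitizingPolicy(demoFactory, demoSanitize);
  return policy.createHTML('<b>hi</b>').toString();
}
```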