The editor view layer uses innerHTML for performance reasons and we aren't ready to rework that (see #106285 (comment)) This is a use-case of a custom policy, e.g one which doesn't escape things. There might be other, still unknown, places where policies are required, e.g when rendering markdown. This is the item to track such policy usages.