The Sanitizer API is now feature complete, but there are still outstanding spec issues that need to be resolved before shipping. If we enable it by default in Nightly, it would also show up on https://wpt.fyi/results/sanitizer-api.

Once this lands, it should be documented at https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Experimental_features.

Sebastian

https://hg.mozilla.org/mozilla-central/rev/61b5b618673f

This request is for Nightly-only.

Release Note Request (optional, but appreciated)
[Why is this notable]: A new web API.
[Affects Firefox for Android]: yes
[Suggested wording]: The Sanitizer API provides new methods for HTML manipulation. element.setHTML() allows inserting HTML like element.innerHTML but without the security risks (like XSS). There is also a corresponding document.parseHTML() method.
[Links (documentation, blog post, etc)]: https://developer.mozilla.org/en-US/docs/Web/API/Sanitizer https://developer.mozilla.org/en-US/docs/Web/API/Element/setHTML

Added to the Nightly release notes for 146 where it will stay for 3 cycles or until the feature dom.security.sanitizer.enabled is enabled on all channels.

FF146 MDN docs work for this can be tracked in https://github.com/mdn/content/issues/41649

This was mostly update to docs to address the MDN bug setHTML() - non-normalized SanitizerConfig explanation is incomplete #41634. @Tom, you are pinged on that.

Removed from the Nightly release notes.
This has been included for 3 cycles now. Feel free to nominate again once the feature is enabled for Release.