sanitize Leaflet innerHTML mutations at build time

rollup.config.ts

@@ -1,8 +1,19 @@
+// noinspection JSUnusedGlobalSymbols
+
 import commonjs from '@rollup/plugin-commonjs'
+import inject from '@rollup/plugin-inject'
 import terser from '@rollup/plugin-terser'
 import typescript from '@rollup/plugin-typescript'
+// @ts-expect-error -- untyped plugin
+import untypedModify from 'rollup-plugin-modify'
 import { nodeResolve } from '@rollup/plugin-node-resolve'
-import { type RollupOptions } from 'rollup'
+import { type Plugin, type RollupOptions } from 'rollup'
+
+// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment -- untyped plugin
+const modify: (modifyOptions: {
+  find: string | RegExp
+  replace: string | ((match: string, element: string, value: string) => string)
+}) => Plugin = untypedModify
 
 const rollupConfig: RollupOptions = {
   input: 'src/index.ts',
@@ -14,8 +25,16 @@ const rollupConfig: RollupOptions = {
     },
   ],
   plugins: [
-    nodeResolve(),
     commonjs(),
+    modify({
+      find: /(?<element>.*)\.innerHTML\s*=\s*(?<value>.*);/,
+      replace: (_match: string, element: string, value: string): string =>
+        `${element}.innerHTML = DOMPurify.sanitize(${value});`,
+    }),
+    inject({
+      DOMPurify: 'dompurify',
+    }),
+    nodeResolve(),
     typescript({
       exclude: ['rollup.config.ts'],
     }),