docs(readme): document option trustedTypePolicy

Author: remarkablemark

README.md

@@ -43,6 +43,7 @@ parse('<p>Hello, World!</p>'); // React.createElement('p', {}, 'Hello, World!')
   - [library](#library)
   - [htmlparser2](#htmlparser2)
   - [trim](#trim)
+  - [trustedTypePolicy](#trustedtypepolicy)
 - [Migration](#migration)
   - [v5](#v5)
   - [v4](#v4)
@@ -443,6 +444,21 @@ However, intentional whitespace may be stripped out:
 parse('<p> </p>', { trim: true }); // React.createElement('p')
 ```
 
+### trustedTypePolicy
+
+When running in the browser, you can pass a [Trusted Types](https://developer.mozilla.org/docs/Web/API/Trusted_Types_API) policy. The parser uses `trustedTypePolicy.createHTML` right before assigning to `innerHTML`:
+
+```ts
+parse('<div>Hello</div>', {
+  trustedTypePolicy: window.trustedTypes?.createPolicy('my-policy', {
+    createHTML(input) {
+      // apply sanitization logic here
+      return DOMPurify.sanitize(input);
+    },
+  }),
+});
+```
+
 ## Migration
 
 ### v6

examples/webpack/src/index.js

@@ -6,8 +6,8 @@ const root = createRoot(document.getElementById('root'));
 const trustedHtml =
   window.trustedTypes && window.trustedTypes.createPolicy
     ? window.trustedTypes.createPolicy('csp-react-html', {
-        createHTML: function (string) {
-          return string;
+        createHTML: function (input) {
+          return input;
         },
       })
     : null;