
I would highly recommend using DOMPurify over sanitize-html. It is a lot smaller in bundle size, and it is also well maintained: https://github.com/cure53/DOMPurify

The author mentions building their own sanitizer, which I would recommend against. Maybe for this use case (extracting a few b tags), it’d be fine, but as soon as links are involved: please stand on the shoulders of giants in order to prevent XSS.




Thank you for the suggestion! I'll make sure to look into it. And yes, you're right that I should stand on the shoulders of giants. My only problem is that I want my project to eventually be used by a variety of build tools for ClojureScript, and afaik there's only one that supports NPM packages (Shadow-CLJS), so I try to get by without and also lessen my dependency on NPM packages.



