I am currently working on upgrading my extension Cast Kodi to MV3. The background must parse HTML, but DOMParser is not available in the service worker. So I use LinkeDOM as polyfill. Addons-linter reports three warnings : Unsafe assignment to innerHTML.
I think the browser still interprets it, even if it comes through a library like LinkeDOM.
In general, the worry is code that adds unsanitized/unescaped inputs into .innerHTML as that opens it up for security risks.
If the content (eventually being the html parameter in those functions) comes from your extension, you could clean it up there (with for example DOMPurity).
I’ll also chat with the team next week to see if this is a use case our reviewers have experience with and can provide more details on what could be a good solution.
The goal of LinkeDOM is to provide an implementation of the DOM. The library doesn’t use the innerHTML method of the browser. It has its own implementation: