DOMpurify is accepted
However, there are issues that can still cause complications.
Generally speaking, problems start when remote content is injected using innerHTML (or similar method of converting strings to DOM e.g. outerHTML, insertAdjacentHTML, parseFromString, createContextualFragment, JQuery append/prepend/appendTo/html/before/after/insertBefore/insertAfter)
There are other security concerns with data itself when it is not even DOM.
It all depends on the situation. Personally, I have found that it is often possible to insert remote data safely without the need for external sanitizing library.