GHSA-h6p3-p4vx-wr8q: dompurify vulnerable to Cross-site Scripting

dompurify prior to version 2.2.3 is vulnerable to a cross-site scripting problem caused by nested headlines.