feat(options): add CSP support with trustedTypePolicy #1439

Merged
remarkablemark merged 6 commits into remarkablemark:master from LiveHelperChat:master
May 5, 2026

Conversation

@remdex (Contributor) commented May 4, 2026

What is the motivation for this pull request?

Closes #1123

What is the current behavior?

What is the new behavior?

Will support trusted policy workflows. E.g.:

import { createRoot } from 'react-dom/client';
import parse from 'html-react-parser';

// Create a Trusted Types policy when the browser exposes the API; otherwise pass null
const trustedHtml = (window.trustedTypes && window.trustedTypes.createPolicy)
  ? window.trustedTypes.createPolicy('csp-react-html', { createHTML: (s) => s })
  : null;

// Mount point assumed for this snippet
const root = createRoot(document.getElementById('root'));
root.render(parse('<h1>HTMLReactParser loaded with Webpack</h1>', {
  trustedTypePolicy: trustedHtml,
}));

Checklist:

  • Tests
  • Documentation

@remdex remdex requested a review from remarkablemark as a code owner May 4, 2026 12:31
Copilot AI review requested due to automatic review settings May 4, 2026 12:31
@github-actions github-actions Bot review requested due to automatic review settings May 4, 2026 12:31
@remarkablemark remarkablemark changed the title CSP Support feat: add CSP Support May 4, 2026
@remarkablemark remarkablemark changed the title feat: add CSP Support feat: add CSP support May 4, 2026
@remarkablemark (Owner) left a comment

Thanks for opening the PR!

Can you help address the lint errors?

npm run lint:fix

And fix the test coverage? (If it's too tricky, you can use a v8 ignore comment):

npm run test:ci

Comment thread src/types.ts Outdated
* Lint fixes. Actually I was not sure what to do there, so just ignore those, as those tests were not written by me initially. Maybe you will change something.
* Test added for 100% coverage.
Copilot AI review requested due to automatic review settings May 4, 2026 20:55
Copilot AI left a comment

Pull request overview

Adds Trusted Types policy support to the browser (client) parsing path so consumers can comply with CSP Trusted Types enforcement by generating TrustedHTML right before innerHTML assignments.

Changes:

  • Introduces trustedTypePolicy on the exported options type and threads options through both server/client entrypoints for a consistent API surface.
  • Updates the client domparser implementation to call trustedTypePolicy.createHTML immediately before any innerHTML sink usage (template/document paths).
  • Adds tests and documentation for the new option, and tweaks ESLint config for the type assertion tests.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

File Description
src/types.ts Adds TrustedTypePolicy and HTMLDOMParserOptions (including trustedTypePolicy).
src/server/html-to-dom.ts Switches options type to HTMLDOMParserOptions for the public API signature.
src/client/html-to-dom.ts Accepts options and forwards trustedTypePolicy into the DOM parsing implementation.
src/client/domparser.ts Applies Trusted Types policy output to innerHTML sinks (template/document parsing paths).
README.md Documents the new trustedTypePolicy option and reorganizes the options section.
eslint.config.mts Disables no-unsafe-call for the type-test directory.
tests/types/index.test.ts Adds a type-level usage case for trustedTypePolicy.
tests/client/index.test.ts Adds runtime tests to ensure the policy hook is invoked when parsing in the client.

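The mechanism described in the review above (the HTML string is wrapped by the policy's createHTML immediately before it reaches an innerHTML sink), as an added example that is not code from this PR or from html-react-parser. Because Trusted Types only exist in browsers, the policy object, the TrustedHTML value and the template element are simulated here so the script runs in plain Node; `TrustedHTML`, `createPolicy`, `makeTemplateElement`, `htmlToDOM`, `demo` and the `enforce` flag are this example's own names, and the enforcement error message mirrors the one browsers raise when a CSP with require-trusted-types-for is active.

```javascript
// Added example (not html-react-parser code): a minimal model of the Trusted
// Types flow the PR implements, runnable in plain Node with no browser.
// Real TrustedHTML objects are opaque browser values; this class is a stand-in.
class TrustedHTML {
  constructor(value) {
    this.value = value;
    Object.freeze(this);
  }
  toString() {
    return this.value;
  }
}

// Stand-in for window.trustedTypes.createPolicy(name, { createHTML }).
// The policy's createHTML is the single place where sanitisation belongs;
// the PR's own snippet uses an identity function, and so does demo() below.
function createPolicy(name, rules) {
  const policy = {
    name,
    calls: 0, // how often the sink path consulted the policy
    createHTML(input) {
      policy.calls += 1;
      return new TrustedHTML(rules.createHTML(String(input)));
    },
  };
  return policy;
}

// Stand-in for a <template> element. With `enforce` true its innerHTML setter
// behaves like a browser under a CSP of require-trusted-types-for 'script':
// raw strings are rejected and only TrustedHTML values are accepted.
function makeTemplateElement(enforce) {
  const el = { enforce, assigned: null };
  Object.defineProperty(el, 'innerHTML', {
    set(value) {
      if (el.enforce && !(value instanceof TrustedHTML)) {
        throw new TypeError("This document requires 'TrustedHTML' assignment.");
      }
      el.assigned = String(value);
    },
    get() {
      return el.assigned;
    },
  });
  return el;
}

// The parsing path: when a policy is configured the string is wrapped right
// before the innerHTML sink, so the sink never sees a raw string.
// `env.enforce` simulates whether the page's CSP enforces Trusted Types.
function htmlToDOM(html, options = {}, env = { enforce: false }) {
  const template = makeTemplateElement(env.enforce);
  const { trustedTypePolicy } = options;
  template.innerHTML = trustedTypePolicy ? trustedTypePolicy.createHTML(html) : html;
  return template.innerHTML;
}

// Exercises the three cases a consumer cares about and returns them.
function demo() {
  const policy = createPolicy('csp-react-html', { createHTML: (s) => s });
  const html = '<h1>HTMLReactParser loaded with Webpack</h1>'; // constructed input
  const result = {};

  // 1. Enforcing CSP + policy configured: assignment succeeds.
  result.withPolicy = htmlToDOM(html, { trustedTypePolicy: policy }, { enforce: true });

  // 2. Enforcing CSP + no policy: the sink rejects the raw string.
  try {
    htmlToDOM(html, {}, { enforce: true });
    result.withoutPolicyEnforced = 'assigned';
  } catch (err) {
    result.withoutPolicyEnforced = err.message;
  }

  // 3. No enforcement + no policy: legacy behaviour, raw string accepted.
  result.withoutPolicyRelaxed = htmlToDOM(html, {}, { enforce: false });
  result.policyCalls = policy.calls;
  return result;
}

console.log(demo());
```

Case 2 is the failure the linked issue is about: under an enforcing CSP the parser's innerHTML write throws unless the caller supplies a policy, which is why the option has to be threaded all the way to the sink rather than applied somewhere earlier in the call chain.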

Comment thread src/types.ts Outdated
@codecov codecov Bot commented May 4, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (76d8558) to head (590ecb0).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##            master     #1439   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            6         6           
  Lines          120       122    +2     
  Branches        30        31    +1     
=========================================
+ Hits           120       122    +2     


Comment thread src/client/domparser.ts
@remarkablemark (Owner) left a comment

Thanks for fixing the lint errors! The only thing that's failing now is the type check:

npm run lint:tsc

Comment thread __tests__/types/index.test.mts Outdated
Comment thread __tests__/types/index.test.ts Outdated
@remarkablemark (Owner) left a comment

LGTM!

@remarkablemark remarkablemark changed the title feat: add CSP support feat(options): add CSP support with trustedTypePolicy May 5, 2026
@remarkablemark remarkablemark merged commit 25da34e into remarkablemark:master May 5, 2026
12 of 13 checks passed
@remdex (Contributor, Author) commented May 5, 2026

Also if you could take care of react would be perfect :D

Successfully merging this pull request may close these issues.

Support Trusted Types API to prevent XSS attacks

3 participants