DOMPurify: Reused instance can retain stale TRUSTED_TYPES_POLICY after clearConfig()
What changed
A DOMPurify instance reused across trust boundaries can retain a previously supplied TRUSTED_TYPES_POLICY even after clearConfig() is called, causing later sanitize calls with RETURN_TRUSTED_TYPE to return TrustedHTML created by the old policy instead of a clean default.
Who it affects
Applications that reuse a single DOMPurify instance across multiple integrations, plugins, request handlers, or components with different trust levels, and rely on clearConfig() to restore safe defaults.
What to do today
Review your DOMPurify usage for instances shared across trust boundaries and apply the suggested fix: reset trustedTypesPolicy and emptyHTML either in clearConfig() or in _parseConfig() when TRUSTED_TYPES_POLICY is null.
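An added example, not DOMPurify's own code: a simplified model of the per-instance Trusted Types state the advisory describes, with the suggested reset applied when `fixed` is true, plus a check that reports whether a sanitizer still returns output from a previously supplied policy after clearConfig(). It assumes the model's parseConfig() is a fair simplification of DOMPurify's _parseConfig() and that a marker policy only needs a createHTML method.

```javascript
// Added example, not DOMPurify's code: simplified model of the retained policy state.
function makeSanitizer({ fixed }) {
  let trustedTypesPolicy = null; // retained across calls, as in DOMPurify
  let emptyHTML = '';
  let config = {};

  // Assumed simplification of _parseConfig(): a missing key keeps the old policy.
  function parseConfig(cfg) {
    config = cfg;
    if (cfg.TRUSTED_TYPES_POLICY === null && fixed) {
      trustedTypesPolicy = null; // alternative fix site named in the advisory
      emptyHTML = '';
    } else if (cfg.TRUSTED_TYPES_POLICY) {
      trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY;
      emptyHTML = trustedTypesPolicy.createHTML('');
    }
  }

  return {
    setConfig: (cfg) => parseConfig(cfg),
    clearConfig() {
      config = {};
      if (fixed) { // suggested fix: drop the retained policy with the config
        trustedTypesPolicy = null;
        emptyHTML = '';
      }
    },
    sanitize(dirty, cfg) {
      if (cfg) parseConfig(cfg);
      // Stand-in for real sanitising; only the return path matters here.
      const clean = String(dirty).replace(/<script\b[\s\S]*?<\/script>/gi, '');
      if (config.RETURN_TRUSTED_TYPE && trustedTypesPolicy) {
        return clean === '' ? emptyHTML : trustedTypesPolicy.createHTML(clean);
      }
      return clean; // clean default: a plain string when no policy is set
    },
  };
}

// Does a policy supplied before clearConfig() still shape later output? In a browser
// the same call can be pointed at a real DOMPurify instance (assumes createHTML suffices).
function retainsStalePolicy(sanitizer) {
  const marker = { createHTML: (html) => ({ stale: true, html }) };
  sanitizer.setConfig({ TRUSTED_TYPES_POLICY: marker });
  sanitizer.clearConfig();
  const out = sanitizer.sanitize('<b>hi</b>', { RETURN_TRUSTED_TYPE: true });
  return typeof out === 'object' && out !== null && out.stale === true;
}
```

A true result from retainsStalePolicy() means the instance is still handing out output minted by the earlier policy, which is the condition the advisory warns about.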