Safely add untrusted strings to HTML/XML markup.
Use DOMPurify on server and client in the same way
Escape and unescape HTML entities in Swift