It seems to be based on lit-html, so anything that's interpolated gets automatically sanitised unless you're using a directive[1] or interpolate other templates created using the "html" function.
I've mainly designed this for backend devs (i.e. rails, django people who just render plain html/css on the front-end), and we generally do HTML sanitization on the server side.
