After I tried different own approaches that SNYK wasn't satisfied with, I decided to have a look on DOMpurify.

As I saw, what this module takes care about, I also decided to not longer want to do this on my own, the author really did a great job checking nodeTypes and known not allowed attributes and so on.

IMO this probably is the easiest way to handle XXS protection at the moment.

And, SNYK is also happy!