Bug 1966027 - Document.parseHTMLUnsafe shouldn't sanitize as safe. r=emilio

Differential Revision: https://phabricator.services.mozilla.com/D249035

dom/base/Document.cpp

@@ -20332,13 +20332,13 @@ already_AddRefed<Document> Document::ParseHTMLUnsafe(
     nsCOMPtr<nsIGlobalObject> global =
         do_QueryInterface(aGlobal.GetAsSupports());
     RefPtr<Sanitizer> sanitizer = Sanitizer::GetInstance(
-        global, aOptions.mSanitizer.Value(), true, aError);
+        global, aOptions.mSanitizer.Value(), /* aSafe */ false, aError);
     if (aError.Failed()) {
       return nullptr;
     }
 
     // Step 6. Call sanitize on document with sanitizer and false.
-    sanitizer->Sanitize(doc, /* aSafe */ true, aError);
+    sanitizer->Sanitize(doc, /* aSafe */ false, aError);
     if (aError.Failed()) {
       return nullptr;
     }
@@ -20375,7 +20375,7 @@ already_AddRefed<Document> Document::ParseHTML(GlobalObject& aGlobal,
   // from options with options and true.
   nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports());
   RefPtr<Sanitizer> sanitizer =
-      Sanitizer::GetInstance(global, aOptions.mSanitizer, true, aError);
+      Sanitizer::GetInstance(global, aOptions.mSanitizer, /* aSafe */ true, aError);
   if (aError.Failed()) {
     return nullptr;
   }