A HTML description for the popup. If text and html parameters are provided in the same time, html will be used. [Security] SweetAlert2 does NOT sanitize this parameter. It is the developer's responsibility to escape any user input when using the html option, so XSS attacks would be prevented.
Probably not the desired implementation but this works... from the docs (https://sweetalert2.github.io/#download)
A HTML description for the popup. If text and html parameters are provided in the same time, html will be used. [Security] SweetAlert2 does NOT sanitize this parameter. It is the developer's responsibility to escape any user input when using the html option, so XSS attacks would be prevented.