Rating: 0

Purify documents to be unsafe for use in jquery's `.html()` in their README if `SAFE_FOR_JQUERY` is not set (which is not).
Searching for the variable in the source code reveals test code for the scenario:
https://github.com/cure53/DOMPurify/blob/2724763e41313b1a54724dfda5573e8b63116962/test/test-suite.js#L53

The payload:
`<option><style></option></select></style></option>`
survives the back and forth conversion and thus triggers the XSS.