I'm using DOMPurify with types, and it returns TrustedHTML when RETURN_TRUSTED_TYPE option is provided.
https://github.com/DefinitelyTyped/DefinitelyTyped/blob/f6dad85222741e22707bb30d39caf58e80843f9c/types/dompurify/index.d.ts#L24

While using DOMPurify works with innerHTML, it doesn't work with DOMParser's parseFromString.

import { sanitize } from 'dompurify';

const template = document.createElement('template');
template.innerHTML = sanitize('test', { RETURN_TRUSTED_TYPE: true }) as unknown as string; // no tsec error

const parser = new DOMParser();
parser.parseFromString(sanitize('test', { RETURN_TRUSTED_TYPE: true }) as unknown as string, 'text/html');
// TS21228: [ban-domparser-parsefromstring] Using DOMParser#parseFromString to parse untrusted input into DOM elements can lead to XSS.

Why are there differences in Trusted Types usage behavior?

Because parseFromString itself doesn't return a Trusted Type. It returns a DOM node.

Could you describe your use case with more details?

Because parseFromString itself doesn't return a Trusted Type. It returns a DOM node.

Well, I'm talking about difference in behavior.
Why is assigning TrustedHTML to innerHTML doesn't require ban-element-innerhtml-assignments exemption but it does require ban-domparser-parsefromstring exemption on parseFromString?

Because we believe such cases are extremely rare, and analysis regarding function properties is less precise in general. If you have a strong use case for parseFromString to consume a Trusted Types value, we can consider supporting it.

We are just parsing XML file uploaded by user.

But in that case, can you at least document which sinks won't require exemption when used with Trusted Types? Maybe add a column of Skips exemption with Trusted Types with Boolean value here?

Yes, I will update the doc.