Avoid setting element's innerHTML

This triggers a security warning from the linter and when submitting
a new version.

src/content-script/content-script.js

@@ -242,7 +242,20 @@ async function getPage() {
       for (const sr of shadowRoots(host.shadowRoot)) {
         serializeRoots.push(sr)
       }
-      el.innerHTML = host.getHTML({shadowRoots: serializeRoots})
+
+      // We could inject the host's HTML to el.innerHTML but it triggers
+      // a warning from webext lint.
+      // We then parse the host's HTML and inject its content.
+      new DOMParser()
+        .parseFromString(
+          host.getHTML({shadowRoots: serializeRoots}),
+          "text/html",
+        )
+        .getRootNode({composed: true})
+        .querySelectorAll("template") // in FF, the template is in the head element
+        .forEach((e) => {
+          el.appendChild(e)
+        })
     })
   } catch (e) {
     console.error(`error serializing shadow DOM: ${e}`)