Thought some Of you may be interested in this. https://research.google/pubs/if-its-not-secure-it-should-not-compile-preventing-dom-based-xss-in-large-scale-web-development-with-api-hardening/
And this that is using it… https://github.com/google/safevalues