In web applications, displaying user-generated content without sanitizing it can lead to security vulnerabilities such as Cross-Site Scripting (XSS).
Write a function that takes a string of HTML and returns a sanitized version where all tags and attributes are removed, leaving only plain text.
Input: html = "<div>Hello <strong>World</strong></div>"
Output: "Hello World"
Explanation: Removes all HTML tags and keeps only the inner text.
Input: html = "<script>alert(1)</script>Click me"
Output: "Click me"
Explanation: The <script> tag is removed for safety.