diff --git a/lib/utils/html-tag.js b/lib/utils/html-tag.js
index bde13b517..6a5f62477 100644
--- a/lib/utils/html-tag.js
+++ b/lib/utils/html-tag.js
@@ -68,15 +68,13 @@ function literalValue(value) {
  */
 function htmlValue(value) {
   if (value instanceof HTMLTemplateElement) {
-    // Use the XML serializer to avoid xMSS attacks from browsers' sometimes
-    // unexpected formatting / cleanup of innerHTML.
-    const serializedNewTree = new XMLSerializer().serializeToString(
-        /** @type {!HTMLTemplateElement } */ (value));
-    // The XMLSerializer is similar to .outerHTML, so slice off the leading
-    // and trailing parts of the <template> wrapper tag.
-    return serializedNewTree.slice(
-        serializedNewTree.indexOf('>') + 1,
-        serializedNewTree.lastIndexOf('</'));
+    // This might be an mXSS risk – mainly in the case where this template
+    // contains untrusted content that was believed to be sanitized.
+    // However we can't just use the XMLSerializer here because it misencodes
+    // `>` characters inside style tags.
+    // For an example of an actual case that hit this encoding issue,
+    // see b/198592167
+    return /** @type {!HTMLTemplateElement } */(value).innerHTML;
   } else if (value instanceof LiteralString) {
     return literalValue(value);
   } else {