Okay, I finally got it. I had to change:
const safeHtml: SafeHtml = this.sanitizer.bypassSecurityTrustHtml(html);
to this:
const safeHtml: any = this.sanitizer.bypassSecurityTrustHtml(html); // Need "any" here to coax the SafeHtml into a string for "content" property