sanitize-html

Sanitize <style> content

Open mloureiro opened this issue 11 months ago • 1 comments

The problem to solve

I'm trying to make sanitize-html remove only harmful content: include the vast majority of the tags and attributes, but filter out possible harmful content. <style> is an issue, as we're able to allow the tag, but there is no way to actually sanitize it: allowedStyles doesn't affect that tag, and the content of the tags is not available in transformTags.

The use case: we have an email previewer in the UI, where in the API we generate the email with MJML. The content is somewhat unexpected, plus every now and then someone defines the styles within the <style> tag 🙃

Proposed solution

Include (and allow to mutate) the tag content in transformTags. (it might be tricky to allow the mutation due to the inner tags 👀)

Alternatives

Manually parse the style tag from the content string 🤷

mloureiro, Mar 01 '24 12:03
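
The alternative named in the issue, handling the <style> text by hand, sketched as an added example (not code from the issue or from sanitize-html): a pre-filter that rebuilds each <style> block from allowlisted declarations only. The ALLOWED table, the function names and the sample input are assumptions; only flat rules with simple selectors survive.

```javascript
// Added example, not sanitize-html code. ALLOWED copies the shape of an
// allowedStyles entry (property -> regexes); its contents are constructed.
const ALLOWED = {
  'color': [/^#[0-9a-f]{3,8}$/i, /^[a-z]+$/i],
  'font-size': [/^\d+(?:\.\d+)?(?:px|em|rem|%)$/],
  'text-align': [/^(?:left|right|center|justify)$/],
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Keep only declarations whose property is allowlisted and whose whole
// value matches one of that property's patterns; drop everything else.
function filterDeclarations(body, allowed) {
  return body.split(';').map((decl) => {
    const i = decl.indexOf(':');
    if (i < 0) return null;
    const prop = decl.slice(0, i).trim().toLowerCase();
    const value = decl.slice(i + 1).trim();
    const patterns = has(allowed, prop) ? allowed[prop] : [];
    return patterns.some((re) => re.test(value)) ? `${prop}: ${value}` : null;
  }).filter(Boolean).join('; ');
}

// Rebuild a stylesheet from validated pieces only. Comments and @import-style
// statements are stripped, blocks whose prelude is not a plain selector are
// dropped, and rules nested in @media are kept without their wrapper.
function filterCss(css, allowed = ALLOWED) {
  const text = css.replace(/\/\*[\s\S]*?(?:\*\/|$)/g, '')
    .replace(/@[^{};]*;/g, '');
  const out = [];
  for (const [, prelude, body] of text.matchAll(/([^{}]*)\{([^{}]*)\}/g)) {
    const selector = prelude.trim();
    if (!/^[\w\s.#,>:*-]+$/.test(selector)) continue;
    const kept = filterDeclarations(body, allowed);
    if (kept) out.push(`${selector} { ${kept} }`);
  }
  return out.join('\n');
}

// Replace the text of every <style> element in an HTML string; an
// unterminated <style> is treated as running to the end of the input.
function filterStyleBlocks(html, allowed = ALLOWED) {
  return html.replace(/(<style\b[^>]*>)([\s\S]*?)(<\/style\s*>|$)/gi,
    (_, open, css, close) => open + filterCss(css, allowed) + close);
}
// Constructed sample input.
const SAMPLE = '<style>@import url(//x.test/a.css); .btn { color: #ff0000; ' +
  'background: url(//x.test/p.png) } p { font-size: 14px; position: fixed }' +
  '</style><p class="btn">Hi</p>';
console.log(filterStyleBlocks(SAMPLE));
```

The filter fails closed: anything it cannot validate is dropped rather than repaired, so legitimate but unlisted CSS is lost until the allowlist is extended.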