Clean HTML pasted into TinyMCE

[christianp]

A question author copied a passage of text from a running question into the editor. The pasted text included the knockout data-binding code from the default theme, which was passed through untouched and ended up being evaluated, causing an error.

I think it should be possible to have knockout stuff in content areas, because people sometimes do clever stuff with it, but pasting in text shouldn't lead to these kinds of problems.

HTML pasted into the content area editor should be cleaned, removing any attributes that aren't on an allowed list.

[christianp]

There have also been a few cases of people pasting in rendered MathJax output, which breaks MathJax next time it runs.