html-parser
`sanitize` should use a whitelist, not a blacklist
It's a lot easier, safer, and more future-proof to specify just the tags that you want to allow, instead of everything to disallow.
For example, 'onclick', 'onerror', 'onhover', 'onmouseover'... are there other attributes I'm missing? Does Gecko/Webkit/Blink have other proprietary events I need to blacklist to protect users of those browsers?
Realized that I can pass a function to `sanitize` and do `return !whitelist(name)`. Still, it would be better to encourage people to use a whitelist.
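One way to write the whitelist the issue asks for, as an added example that is not html-parser's own code: the `shouldStripAttr` callback has the "return true to strip" shape described in the comment above, and the `{ tag, attrs, children }` / `{ text }` node shape is an assumption for illustration, not the library's actual tree format.

```javascript
// Added example, not html-parser's own code. The node shape
// ({ tag, attrs: { name: value }, children } and { text }) is assumed.
const ALLOWED_TAGS = new Set(['a', 'p', 'b', 'i', 'em', 'strong', 'img', 'ul', 'ol', 'li', 'br']);
const ALLOWED_ATTRS = new Set(['href', 'src', 'alt', 'title', 'class', 'id', 'width', 'height']);
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Whitelist predicate: true only for attributes explicitly allowed. Any event
// handler or vendor-specific attribute the list has never heard of is rejected
// by default, so nobody has to chase new browser features to stay safe.
function attrAllowed(name) {
  return ALLOWED_ATTRS.has(String(name).toLowerCase());
}

// Callback shape from the comment above: true means "strip this attribute".
function shouldStripAttr(name) {
  return !attrAllowed(name);
}

// Same principle for URL-bearing values: allow known schemes or scheme-less
// relative URLs, reject everything else instead of enumerating bad schemes.
// Control characters and whitespace are removed first so they cannot split
// a scheme name.
function urlAllowed(value) {
  const v = String(value).replace(/[\u0000-\u0020]/g, '').toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):/.exec(v);
  return m === null || ALLOWED_SCHEMES.has(m[1]);
}

// Returns a copy of attrs keeping only whitelisted names with acceptable values.
function sanitizeAttrs(attrs) {
  const out = {};
  for (const [name, value] of Object.entries(attrs)) {
    if (shouldStripAttr(name)) continue;
    const key = name.toLowerCase();
    if ((key === 'href' || key === 'src') && !urlAllowed(value)) continue;
    out[key] = value;
  }
  return out;
}

// Walks the (assumed) tree: text nodes pass through, elements not on the tag
// whitelist are dropped with their whole subtree, the rest get sanitizeAttrs.
function sanitizeTree(node) {
  if (node.text !== undefined) return { text: node.text };
  if (!ALLOWED_TAGS.has(String(node.tag).toLowerCase())) return null;
  const children = (node.children || []).map(sanitizeTree).filter((c) => c !== null);
  return { tag: node.tag.toLowerCase(), attrs: sanitizeAttrs(node.attrs || {}), children };
}
```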