Adds sanitize_html, a whitelist based HTML sanitizer.

[Kapu1178]

Adds a customizable HTML sanitizer function using the Ammonia crate. Out of the box, it will:

• Strip <script> and <style> attributes, as well as their contents.
• Prune all URL schemes, including byond://
• Prune all HTML attributes and CSS tags, but not their contents.

By providing json encoded lists, you can whitelist given attributes or tags to not be pruned. I have included a curated tag list in the dm source file for this module that will whitelist most safe CSS attributes.

It occured to me that alot of servers run things like old papercode, which does not sanitize on the server side before being viewable by a client. Sanitizing strings with DM would be an absolute performance nuke, assuming you could even make it bulletproof in the first place.
Here is a recommended default tag whitelist

list(
	"b","br",
	"center", "code",
	"dd", "del", "div", "dl", "dt",
	"em",
	"font",
	"h1", "h2", "h3", "h4", "h5", "h6", "hr",
	"i", "ins",
	"li",
	"menu",
	"ol",
	"p", "pre",
	"span", "strong",
	"table",
	"tbody",
	"td",
	"th",
	"thead",
	"tfoot",
	"tr",
	"u",
	"ul",
)

[Kapu1178]

Error: "sanitize = ["ammonia", "maplit", "serde_json"] is not sorted in Cargo.toml default features"

I am unsure how to fix this.

[Mothblocks]

Semicolon?

[Kapu1178]

I don't understand, am I missing something here?

[Mothblocks]

The interface should take a list and json_encode in itself.

[Kapu1178]

I didn't do this so that you can store pre-encoded global lists to save on perf.

[Cyprex]

Wouldn't that mean it's encoding on every call? The thing is that this will likely be called many times with only one or a few lists, so this introduces extra overhead.

[vuonojenmustaturska]

wouldn't it make sense to keep this around rather than build it anew on every invocation

[Kapu1178]

I'd have to hash the arguments and such and that's out of my skill set presently.

[ZeWaka]

Looks about right.

[optimumtact]

looks about right :+2:

[Kapu1178]

mods? mergies? @ZeWaka