[sanitize_html] <font> tag hides text

[halkportal970]

When I use this code, sanitizeHtml removes both font tags and all contents inside fonts.
printed string is <p dir="ltr"></p>

var detail = "<p dir=\"ltr\" style=\"margin: 0in 0in 0pt;\">" +
      "<font color=\"#000000\">" +
      "<font face=\"Calibri\">" +
      "<font size=\"3\">This is detail content.</font></font></font></p>" ;
     
print(sanitizeHtml(detail)); 

[jonasfj]

What is the expected behavior here?

Documentation says this follows rules applied for GFM sanitization.
This doesn't allow the <font> tag.

I think we could be open to extending sanitizeHtml with callbacks like:

• bool allowTag(String tag), and,
• bool allowAttribute(String tag, String attribute, String value).

I suppose one could also make the argument that we should not remove the contents of tags that are not allowed.
I think this is what the ruby library does too, see :remove_contents.

Maybe we should default to keep the contents of disallowed tags, while removing the tags, unless disallowed tag is one of: iframe math noembed noframes noscript plaintext script style svg xmp (for which contents should not be retained).