fix(Sanitizer): read options from config

src/trix/config/parser.js

@@ -2,4 +2,7 @@ export default {
   removeBlankTableCells: false,
   tableCellSeparator: " | ",
   tableRowSeparator: "\n",
+  allowedAttributes: "style href src width height language class".split(" "),
+  forbiddenProtocols: "javascript:".split(" "),
+  forbiddenElements: "script iframe form noscript".split(" "),
 }

src/trix/models/html_sanitizer.js

@@ -1,29 +1,20 @@
+import * as config from "trix/config"
 import BasicObject from "trix/core/basic_object"
 
 import { nodeIsAttachmentElement, removeNode, tagName, walkTree } from "trix/core/helpers"
 
-const DEFAULT_ALLOWED_ATTRIBUTES = "style href src width height language class".split(" ")
-const DEFAULT_FORBIDDEN_PROTOCOLS = "javascript:".split(" ")
-const DEFAULT_FORBIDDEN_ELEMENTS = "script iframe form noscript".split(" ")
-
 export default class HTMLSanitizer extends BasicObject {
   static setHTML(element, html) {
     const sanitizedElement = new this(html).sanitize()
     const sanitizedHtml = sanitizedElement.getHTML ? sanitizedElement.getHTML() : sanitizedElement.outerHTML
     element.innerHTML = sanitizedHtml
   }
 
-  static sanitize(html, options) {
-    const sanitizer = new this(html, options)
-    sanitizer.sanitize()
-    return sanitizer
-  }
-
-  constructor(html, { allowedAttributes, forbiddenProtocols, forbiddenElements } = {}) {
+  constructor(html) {
     super(...arguments)
-    this.allowedAttributes = allowedAttributes || DEFAULT_ALLOWED_ATTRIBUTES
-    this.forbiddenProtocols = forbiddenProtocols || DEFAULT_FORBIDDEN_PROTOCOLS
-    this.forbiddenElements = forbiddenElements || DEFAULT_FORBIDDEN_ELEMENTS
+    this.allowedAttributes = config.parser.allowedAttributes
+    this.forbiddenProtocols = config.parser.forbiddenProtocols
+    this.forbiddenElements = config.parser.forbiddenElements
     this.body = createBodyElementForHTML(html)
   }