diff --git a/src/trix/config/parser.js b/src/trix/config/parser.js
index 4e0cc5cb5..d6bc20bd8 100644
--- a/src/trix/config/parser.js
+++ b/src/trix/config/parser.js
@@ -2,4 +2,7 @@ export default {
   removeBlankTableCells: false,
   tableCellSeparator: " | ",
   tableRowSeparator: "\n",
+  allowedAttributes: "style href src width height language class".split(" "),
+  forbiddenProtocols: "javascript:".split(" "),
+  forbiddenElements: "script iframe form noscript".split(" "),
 }
diff --git a/src/trix/models/html_sanitizer.js b/src/trix/models/html_sanitizer.js
index 3dd0b3e68..4bdfc2f76 100644
--- a/src/trix/models/html_sanitizer.js
+++ b/src/trix/models/html_sanitizer.js
@@ -1,11 +1,8 @@
+import * as config from "trix/config"
 import BasicObject from "trix/core/basic_object"
 import { nodeIsAttachmentElement, removeNode, tagName, walkTree } from "trix/core/helpers"
 
-const DEFAULT_ALLOWED_ATTRIBUTES = "style href src width height language class".split(" ")
-const DEFAULT_FORBIDDEN_PROTOCOLS = "javascript:".split(" ")
-const DEFAULT_FORBIDDEN_ELEMENTS = "script iframe form noscript".split(" ")
-
 export default class HTMLSanitizer extends BasicObject {
   static setHTML(element, html) {
     const sanitizedElement = new this(html).sanitize()
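Review bot: The three new keys are now the entire HTML-sanitizer policy, but nothing in parser.js marks them as security-relevant, so someone tuning table separators next to them gets no hint that adding an entry to `allowedAttributes` or dropping one from `forbiddenElements` widens what untrusted HTML is allowed to keep. A comment above the new keys would carry that, e.g. `// HTML sanitizer policy (see models/html_sanitizer.js): every allowedAttributes entry is kept on untrusted input; forbiddenProtocols and forbiddenElements are denylists, so anything not listed passes through.` Since `forbiddenProtocols` is a single-entry denylist that consumers are now expected to edit, it is worth considering whether an allowlist of accepted schemes would be the safer shape; the comparison code is not in this diff, so I cannot tell how an entry is matched against a URL.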
@@ -13,17 +10,11 @@ export default class HTMLSanitizer extends BasicObject {
     element.innerHTML = sanitizedHtml
   }
 
-  static sanitize(html, options) {
-    const sanitizer = new this(html, options)
-    sanitizer.sanitize()
-    return sanitizer
-  }
-
-  constructor(html, { allowedAttributes, forbiddenProtocols, forbiddenElements } = {}) {
+  constructor(html) {
     super(...arguments)
-    this.allowedAttributes = allowedAttributes || DEFAULT_ALLOWED_ATTRIBUTES
-    this.forbiddenProtocols = forbiddenProtocols || DEFAULT_FORBIDDEN_PROTOCOLS
-    this.forbiddenElements = forbiddenElements || DEFAULT_FORBIDDEN_ELEMENTS
+    this.allowedAttributes = config.parser.allowedAttributes
+    this.forbiddenProtocols = config.parser.forbiddenProtocols
+    this.forbiddenElements = config.parser.forbiddenElements
     this.body = createBodyElementForHTML(html)
   }
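Review bot: The constructor stores `config.parser.allowedAttributes` and the two forbidden lists by reference, so any code that mutates `this.allowedAttributes` on one instance (a subclass, or a caller adjusting a single sanitizer) silently changes the process-wide policy for every sanitizer created afterwards. Copying on construction keeps the config object as the single source of truth: `this.allowedAttributes = [...config.parser.allowedAttributes]`, and likewise for `forbiddenProtocols` and `forbiddenElements`. A JSDoc line on the constructor should also state that the policy is snapshotted from `config.parser` at construction time, so edits to config after an instance exists do not affect it, and that a missing or non-array entry no longer falls back to defaults the way the removed `||` did. The constructor body is fully inside the hunk; the rest of the class follows outside it.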