Don't remove <head> contents during sanitization.

[emilio]

The DOMPurify preserves <base> elements, and they're handled by transformBase.

But if the <base> element is in the <head>, it gets accidentally trimmed too early via cheerio('body').html(), which just discards <head> contents.

Fix it by using cheerio.html() which returns the complete html of the document.

[Swiip]

Thanks a lot, looks good to me, looks like I introduced a regression when I updated the cheerio code.

Yet I still need to double check there is no further implication about letting the head pass that phase. There could be a lot more things than a base tag in a head.

I'll try to let you know when it's done.

[emilio]

Yet I still need to double check there is no further implication about letting the head pass that phase. There could be a lot more things than a base tag in a head.

Given any element in <head> can effectively also be under the <body> element, I don't think there should be any new implication in practice, right?

[mmso]

Merged in https://github.com/ProtonMail/WebClients/commit/661185c1c9855688e7f73adb08afa3ed4ed5eb43. Thanks for your contribution!