Closed atielking closed 4 years ago
Hi @atielking!
Thank you for your pull request. We require contributors to sign our Contributor License Agreement, and yours needs attention.
You currently have a record in our system, but we do not have a signature on file.
In order for us to review and merge your code, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (e.g. your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.
If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks!
Look at my changes by commit!
Commit for URI allowlisting called "phase 1 draft"
Commit for adding rel="nofollow ugc" to links called "phase2 no follow ugc for links"
Commit for image tag filtering called "phase 3 draft"
Testing
I added 2 new test files, one to test XSS attacks that FB Markdown was vulnerable to before these changes. The second test verifies that the tag adding and image filtering work correctly.
I also ran the entire test suite of ~1300 tests to verify my changes didn't break anything.
Plan
I won't merge this PR into this forked repo, but want to use this space to collect comments. Then, I'll make a PR against the fbmarkdown repo after making some revisions.
Desired feedback includes:
BLACKLIST from const to not to allow for changes. Also, I decided to only let people add tags to the filter, but I can also add an option to remove certain tags. Not sure how much people would need that option since you typically turn on/off all these extensions at the beginning and don't change them.