plone / Products.PortalTransforms

Provides MIME types based transformation chains on Plone Archetypes contents

Split method cleaner_options off from scrub_html in safe_html transform. #44

Closed mauritsvanrees closed 3 years ago

mauritsvanrees commented 3 years ago

This makes it easier to monkey patch or subclass.

My use case for an override is to allow script tags from one specific domain and not any other. Sample monkey patch:

```python
from Products.PortalTransforms.transforms.safe_html import SafeHTML

HOST_WHITELIST = (
    "mautic.example.com",
)

def updated_cleaner_options(self):
    # Get standard options from Plone:
    opts = self._orig_cleaner_options()
    # Have a domain whitelist:
    opts["host_whitelist"] = HOST_WHITELIST
    # Specify the tags for which the host_whitelist is checked on a few known attributes (src),
    # default is iframe and embed:
    opts["whitelist_tags"] = {'iframe', 'embed', 'script'}
    # Allow the script tag, to prevent it being removed, with only the contents kept
    if "script" not in opts["allow_tags"]:
        opts["allow_tags"].append("script")
    # Remove 'on:' attributes:
    opts["javascript"] = 1
    # Let the cleaner add script to the kill_tags/nasty_tags:
    opts["scripts"] = 1
    return opts

SafeHTML._orig_cleaner_options = SafeHTML.cleaner_options
SafeHTML.cleaner_options = updated_cleaner_options
```
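The policy the monkey patch above configures, as an added example that is not part of this pull request or of Plone's safe_html transform: a stand-alone, stdlib-only model (the `ScriptHostFilter` and `scrub` names are my own) of what lxml's Cleaner decides with `host_whitelist`, `whitelist_tags` and `scripts=1`, so the allow/deny outcomes can be checked without a Plone site. It assumes the same `HOST_WHITELIST` value and, as lxml does, matches the `src` netloc exactly, so inline scripts, other hosts, look-alike subdomains and non-http(s) schemes are all dropped.

```python
# Added illustration of the whitelist policy; not lxml's Cleaner and not Plone code.
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOST_WHITELIST = ("mautic.example.com",)      # same value the patch configures
KILL_TAGS = {"script", "iframe", "embed"}     # dropped with contents unless whitelisted
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}

def src_host_allowed(src):
    # An inline <script> has no src, so it never passes; only http(s) to an
    # exactly matching netloc does (no prefix/suffix tricks, no javascript: URLs).
    if not src:
        return False
    parts = urlsplit(src)
    return parts.scheme in ("http", "https") and parts.netloc in HOST_WHITELIST

class ScriptHostFilter(HTMLParser):
    # Re-serialises the input minus killed elements and on* attributes.
    def __init__(self):
        super().__init__()
        self.out = []
        self.skip_depth = 0     # > 0 while inside an element being dropped

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag not in VOID_TAGS:
                self.skip_depth += 1
            return
        attrs = dict(attrs)
        if tag in KILL_TAGS and not src_host_allowed(attrs.get("src")):
            self.skip_depth = 1  # drop the element and everything nested in it
            return
        # mirror javascript=1: strip inline event handler attributes
        kept = [(k, v) for k, v in attrs.items() if not k.lower().startswith("on")]
        text = "".join(f' {k}="{escape(v or "")}"' for k, v in kept)
        self.out.append(f"<{tag}{text}>")

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag not in VOID_TAGS:
                self.skip_depth -= 1
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def scrub(html):
    # Returns html with script/iframe/embed kept only for whitelisted hosts.
    parser = ScriptHostFilter()
    parser.feed(html); parser.close()
    return "".join(parser.out)
```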

mister-roboto commented 3 years ago

@mauritsvanrees thanks for creating this Pull Request and helping improve Plone!

To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass.

Whenever you feel that the pull request is ready to be tested, either start all Jenkins pull request jobs yourself, or simply add a comment in this pull request stating:

@jenkins-plone-org please run jobs

With this simple comment all the jobs will be started automatically.

Happy hacking!

mauritsvanrees commented 3 years ago

@jenkins-plone-org please run jobs