lordmauve
commented
6 years ago There are reasons other than security: stripogram doesn't support quotes inside attributes somehow, meaning it creates garbled attribute values when encountering syntax like
<span style="background-color: transparent; color: inherit; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: inherit; white-space: pre-wrap;">which is produced by the Trumbowyg for an inline code section :man_facepalming:
The stripogram library is not maintained and probably not secure.
A much better option would be bleach.