Closed ShadowJonathan closed 1 year ago
Seems easier to just use html5ever directly then, no?
A blacklist mode is an attractive nuisance for a package which intends to be used in security contexts; it's way too easy to take the facile route of using the blacklist mode then having to play whack-a-mole for years on end.
I essentially agree with @xmo-odoo. Ammonia is supposed to be a self-contained package of best practices, and that means unknown HTML features should be disallowed by default until someone has had a chance to evaluate them for potential security problems.
I came across this in https://github.com/ruma/ruma/pull/1161; it'd be useful for ammonia to have a blacklist mode, instead of a whitelist mode, to remove specific tags from HTML, instead of retaining specific tags.
The use case here is removing unwanted inserted tags from an otherwise wholly trusted and/or intended-to-be-preserved HTML snippet.
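
The trade-off debated in this thread, as an added sketch that is not ammonia's code or API and not from any participant: a Python standard-library filter run once with a denylist and once with an allowlist over the same markup. The names `clean`, `allowlist`, `denylist`, `TagFilter` and the sample tags (`futuretag` stands for any element nobody has reviewed yet) are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

def allowlist(policy):
    """policy maps tag -> permitted attribute names; anything unlisted is dropped."""
    def decide(tag, attrs):
        if tag not in policy:
            return None
        return [(k, v) for k, v in attrs if k in policy[tag]]
    return decide

def denylist(banned):
    """Only tags in `banned` are dropped; everything else passes with all attributes."""
    def decide(tag, attrs):
        return None if tag in banned else attrs
    return decide

class TagFilter(HTMLParser):
    """Re-serialises parsed HTML, asking `decide` whether each element stays."""
    def __init__(self, decide):
        super().__init__(convert_charrefs=True)
        self.decide, self.out = decide, []

    def handle_starttag(self, tag, attrs):
        kept = self.decide(tag, attrs)
        if kept is not None:
            rendered = "".join(f' {k}="{escape(v or "")}"' for k, v in kept)
            self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        if self.decide(tag, []) is not None:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text of removed elements is kept, but always re-escaped.
        self.out.append(escape(data, quote=False))

def clean(html, decide):
    f = TagFilter(decide)
    f.feed(html)
    f.close()
    return "".join(f.out)

# Constructed sample input.
SAMPLE = ('<p class="note">Hi <b>there</b></p><marquee>old</marquee>'
          '<futuretag data-x="1">unreviewed</futuretag>')
DENY_OUT = clean(SAMPLE, denylist({"marquee"}))
ALLOW_OUT = clean(SAMPLE, allowlist({"p": {"class"}, "b": set()}))
```

In denylist mode `futuretag` and its attribute survive until someone adds them to the list; in allowlist mode they never appear in the output.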