rust-ammonia / ammonia

Repair and secure untrusted HTML
Apache License 2.0
496 stars 40 forks

Hook to sanitize `style` contents #179

Open xmo-odoo opened 1 year ago

xmo-odoo commented 1 year ago

I don't know whether Ammonia would want to bundle a CSS sanitizer, but the ability to handle that somewhat finely without needing to resort to a full-blown attribute_filter would be nice.

merlinz01 commented 1 month ago

This would be a great plus for Python users moving from the now-deprecated bleach, and it would allow for better integration with things like CKEditor.

notriddle commented 1 month ago

I'm not opposed to a style attribute sanitizer. The Servo cssparser is pretty complicated to use, but you can look at servo itself and librsvg as examples of how to do it.

Also, it should default to only allowing a small number of very safe options, like italics, bold, and color. No margins, since negative margins could be used for clickjacking.

merlinz01 commented 1 month ago

Unfortunately, although I would love to see a style sanitizer, I don't really have the time to implement it at this point, so I'm just being content with fewer features of CKEditor for now.

A quick search on crates.io turns up parcel_css, lightningcss, css-minify, css-parser-rs for other CSS parsers. I didn't check if any of them claim to support full CSS syntax. Although for an application like CKEditor's output, you won't be needing to parse calc() expressions or @import declarations, etc.; its styles are fairly basic from what I've seen.

I suppose an implementation would involve parsing the CSS with a spec-compliant parser, running over the AST with a user-defined whitelist, and outputting the CSS again into the HTML element's style attribute.

xmo-odoo commented 1 month ago

Looking at bleach's css sanitizer, it whitelists on the property name alone, so being able to run on the raw AST is probably not necessary as long as you can run on and serialize individual declarations.

Also in the list parcel_css seems to be the old name for lightningcss, the readme is strikingly similar, it hasn't been updated in two years, and lightning advertises itself as Parcel's CSS parser.
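As an added example (not ammonia code, and not one of the crates named above), the following plain-Rust program shows the declaration-level approach the two previous comments describe: split the `style` attribute into declarations, keep only those whose property name is on a small allowlist, and serialize the survivors back. The allowlist, the `value_is_safe` heuristics and the sample input are all assumptions made for this example; it uses a hand-written splitter rather than a spec-compliant parser such as Servo's cssparser, so it is a sketch of the shape of the hook, not a drop-in implementation.

```rust
// Added example, not part of ammonia: a minimal `style` attribute sanitizer
// that keeps only allowlisted property names and re-serializes them.
// It does not implement full CSS syntax; a real hook would parse with a
// spec-compliant parser and run the same allowlist over its declarations.
use std::collections::HashSet;

/// Default allowlist (an assumption for this example): a small set of
/// very safe properties, as suggested in the thread. `margin*` is left out
/// on purpose, since negative margins can be used for clickjacking.
pub const DEFAULT_ALLOWED: &[&str] = &["font-style", "font-weight", "color", "text-decoration"];

/// Split a style string into declarations on `;`, ignoring separators that
/// sit inside quotes or parentheses (e.g. `font-family: "a;b"`).
fn split_declarations(style: &str) -> Vec<String> {
    let mut out = Vec::new();
    let mut cur = String::new();
    let mut depth = 0usize;
    let mut quote: Option<char> = None;
    let mut escaped = false;
    for c in style.chars() {
        match quote {
            Some(q) => {
                cur.push(c);
                if escaped {
                    escaped = false;
                } else if c == '\\' {
                    escaped = true;
                } else if c == q {
                    quote = None;
                }
            }
            None => match c {
                '"' | '\'' => { quote = Some(c); cur.push(c); }
                '(' => { depth += 1; cur.push(c); }
                ')' => { depth = depth.saturating_sub(1); cur.push(c); }
                ';' if depth == 0 => out.push(std::mem::take(&mut cur)),
                _ => cur.push(c),
            },
        }
    }
    out.push(cur);
    out.into_iter()
        .map(|s| s.trim().to_string())
        .filter(|s| !s.is_empty())
        .collect()
}

/// Conservative value check (an assumption for this example): reject values
/// that could carry a URL, a CSS escape, markup, or an unbalanced construct.
fn value_is_safe(value: &str) -> bool {
    let lower = value.to_ascii_lowercase();
    !value.is_empty()
        && !lower.contains("url(")
        && !lower.contains("expression(")
        && !lower.contains("javascript:")
        && !value.chars().any(|c| matches!(c, '\\' | '<' | '>' | '&' | '{' | '}'))
        && value.matches('(').count() == value.matches(')').count()
        && value.matches('"').count() % 2 == 0
        && value.matches('\'').count() % 2 == 0
}

/// Keep declarations whose lowercased property name is in `allowed` and whose
/// value passes `value_is_safe`; serialize them back as `prop: value; ...`.
pub fn sanitize_style(style: &str, allowed: &HashSet<&str>) -> String {
    let mut kept: Vec<String> = Vec::new();
    for decl in split_declarations(style) {
        let (name, value) = match decl.split_once(':') {
            Some(pair) => pair,
            None => continue, // not a `name: value` declaration; drop it
        };
        let name = name.trim().to_ascii_lowercase();
        let value = value.trim();
        if allowed.contains(name.as_str()) && value_is_safe(value) {
            kept.push(format!("{}: {}", name, value));
        }
    }
    kept.join("; ")
}

/// Convenience wrapper using `DEFAULT_ALLOWED`.
pub fn sanitize_style_default(style: &str) -> String {
    sanitize_style(style, &DEFAULT_ALLOWED.iter().copied().collect())
}

fn main() {
    // Constructed sample input mixing allowed properties with ones to drop.
    let input = "color: red; margin-left: -9999px; font-weight: bold; background: url(x)";
    println!("{}", sanitize_style_default(input));
    // prints: color: red; font-weight: bold
}
```

The allowlist is passed in as a `HashSet<&str>`, so a caller can extend it (for example with `font-family`) without touching the splitting or serialization logic; the quote-aware splitter is what makes that extension safe for values such as `"a;b"`.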