Bug in allowed attributes

[Narvey]

sanitization_filter.rb has attributes (including color) that are listed as allowed, but do not work in GitHub.

For example, if I do:

<hr color="orange" />

It looks like:

---

Which is clearly grey, not orange. Also in order for the color attribute to be really useful, we need the "font" tag.

I'm not able to test all the others exhaustively, but some others that are rather strange are "checked", "selected", "action", "accesskey". Since form-related tags aren't allowed, I'm not sure what possible use these could have. For these four only, I recommend removing them from the list.

[jantman]

I'll say that I don't really care how we get there (i.e. whitelisted style options, whitelisted tags/attributes/whatever) but it's pretty important to me to be able to at least somehow set font and background color, especially in a HTML table (th/td).

[gjtorikian]

This gem is this gem, and has no guarantee of usage in GitHub text fields. GitHub has configured their whitelist differently.

[Epoizam]

Protection my device please