Assets 3
type-change-state.html assumed sanitized value for "  foo\rbar  " was
fixed per a input type, and it was specified by 'sanitizedValue' field.

However, it depends on the previous type.  For example, the new input
types of the following A and B are same, initial value setter arguments
are same, but sanitized values of A and B should be different due to the
sanitizer difference between 'hidden' and 'url':

A)
  input.type = "hidden";
  input.value = "  foo\rbar  ";
  // input.value is "  foo\rbar  "
  input.type = "text";
  // input.value is "  foobar  ".

B)
  input.type = "url";
  input.value = "  foo\rbar  ";
  // input.value is "foobar"
  input.type = "text";
  // input.value is "foobar".

This CL fixes this issue by replacing 'sanitizedValue' field with
'sanitizer' field, which specifies a simple sanitizer implementation.

This fixes five test cases, which have failed with all major browsers.

Change-Id: I1b5f75e610138b1d117e93723471427ee655c300
Reviewed-on: https://chromium-review.googlesource.com/c/1326203
Commit-Queue: Kent Tamura <tkent@chromium.org>
Reviewed-by: Yoshifumi Inoue <yosin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#606730}