feat(ui): add user setting to control target="_blank" on links

Rationale: Opening links in the current tab is the default browser behavior. Using `target="_blank"` on external links can lead to accessibility issues and override user preferences. It may also interfere with assistive technologies and expected browser behavior. To maintain backward compatibility, this option is enabled by default (`true`), which adds `target="_blank"` to links.
2025-07-02 16:38:37 +00:00 · 2025-06-08 20:47:57 -07:00 · 2025-06-08 20:47:57 -07:00 · c718eb039b
commit c718eb039b
parent 699deea72c
39 changed files with 345 additions and 259 deletions
--- a/internal/reader/processor/processor.go
+++ b/internal/reader/processor/processor.go
@ -125,7 +125,7 @@ func ProcessFeedEntries(store *storage.Storage, feed *model.Feed, userID int64,
 		}

 		// The sanitizer should always run at the end of the process to make sure unsafe HTML is filtered out.
-		entry.Content = sanitizer.Sanitize(pageBaseURL, entry.Content)
+		entry.Content = sanitizer.SanitizeHTML(pageBaseURL, entry.Content, &sanitizer.SanitizerOptions{OpenLinksInNewTab: user.OpenExternalLinksInNewTab})

 		updateEntryReadingTime(store, feed, entry, entryIsNew, user)

@ -181,7 +181,7 @@ func ProcessEntryWebPage(feed *model.Feed, entry *model.Entry, user *model.User)
 	}

 	rewrite.Rewriter(rewrittenEntryURL, entry, entry.Feed.RewriteRules)
-	entry.Content = sanitizer.Sanitize(pageBaseURL, entry.Content)
+	entry.Content = sanitizer.SanitizeHTML(pageBaseURL, entry.Content, &sanitizer.SanitizerOptions{OpenLinksInNewTab: user.OpenExternalLinksInNewTab})

 	return nil
 }
--- a/internal/reader/sanitizer/sanitizer.go
+++ b/internal/reader/sanitizer/sanitizer.go
@ -112,14 +112,23 @@ var (
 	}
 )

-// Sanitize returns safe HTML.
-func Sanitize(baseURL, input string) string {
+type SanitizerOptions struct {
+	OpenLinksInNewTab bool
+}
+
+func SanitizeHTMLWithDefaultOptions(baseURL, rawHTML string) string {
+	return SanitizeHTML(baseURL, rawHTML, &SanitizerOptions{
+		OpenLinksInNewTab: true,
+	})
+}
+
+func SanitizeHTML(baseURL, rawHTML string, sanitizerOptions *SanitizerOptions) string {
 	var buffer strings.Builder
 	var tagStack []string
 	var parentTag string
 	var blockedStack []string

-	tokenizer := html.NewTokenizer(strings.NewReader(input))
+	tokenizer := html.NewTokenizer(strings.NewReader(rawHTML))
 	for {
 		if tokenizer.Next() == html.ErrorToken {
 			err := tokenizer.Err()
@ -166,7 +175,7 @@ func Sanitize(baseURL, input string) string {
 			}

 			if len(blockedStack) == 0 && isValidTag(tagName) {
-				attrNames, htmlAttributes := sanitizeAttributes(baseURL, tagName, token.Attr)
+				attrNames, htmlAttributes := sanitizeAttributes(baseURL, tagName, token.Attr, sanitizerOptions)
 				if hasRequiredAttributes(tagName, attrNames) {
 					if len(attrNames) > 0 {
 						// Rewrite the start tag with allowed attributes.
@ -194,7 +203,7 @@ func Sanitize(baseURL, input string) string {
 				continue
 			}
 			if len(blockedStack) == 0 && isValidTag(tagName) {
-				attrNames, htmlAttributes := sanitizeAttributes(baseURL, tagName, token.Attr)
+				attrNames, htmlAttributes := sanitizeAttributes(baseURL, tagName, token.Attr, sanitizerOptions)
 				if hasRequiredAttributes(tagName, attrNames) {
 					if len(attrNames) > 0 {
 						buffer.WriteString("<" + tagName + " " + htmlAttributes + "/>")
@ -207,7 +216,7 @@ func Sanitize(baseURL, input string) string {
 	}
 }

-func sanitizeAttributes(baseURL, tagName string, attributes []html.Attribute) ([]string, string) {
+func sanitizeAttributes(baseURL, tagName string, attributes []html.Attribute, sanitizerOptions *SanitizerOptions) ([]string, string) {
 	var htmlAttrs, attrNames []string
 	var err error
 	var isImageLargerThanLayout bool
@ -269,7 +278,7 @@ func sanitizeAttributes(baseURL, tagName string, attributes []html.Attribute) ([
 	}

 	if !isAnchorLink {
-		extraAttrNames, extraHTMLAttributes := getExtraAttributes(tagName)
+		extraAttrNames, extraHTMLAttributes := getExtraAttributes(tagName, sanitizerOptions)
 		if len(extraAttrNames) > 0 {
 			attrNames = append(attrNames, extraAttrNames...)
 			htmlAttrs = append(htmlAttrs, extraHTMLAttributes...)
@ -279,10 +288,16 @@ func sanitizeAttributes(baseURL, tagName string, attributes []html.Attribute) ([
 	return attrNames, strings.Join(htmlAttrs, " ")
 }

-func getExtraAttributes(tagName string) ([]string, []string) {
+func getExtraAttributes(tagName string, sanitizerOptions *SanitizerOptions) ([]string, []string) {
 	switch tagName {
 	case "a":
-		return []string{"rel", "target", "referrerpolicy"}, []string{`rel="noopener noreferrer"`, `target="_blank"`, `referrerpolicy="no-referrer"`}
+		attributeNames := []string{"rel", "referrerpolicy"}
+		htmlAttributes := []string{`rel="noopener noreferrer"`, `referrerpolicy="no-referrer"`}
+		if sanitizerOptions.OpenLinksInNewTab {
+			attributeNames = append(attributeNames, "target")
+			htmlAttributes = append(htmlAttributes, `target="_blank"`)
+		}
+		return attributeNames, htmlAttributes
 	case "video", "audio":
 		return []string{"controls"}, []string{"controls"}
 	case "iframe":
--- a/internal/reader/sanitizer/sanitizer_test.go
+++ b/internal/reader/sanitizer/sanitizer_test.go
@ -33,7 +33,7 @@ func BenchmarkSanitize(b *testing.B) {
 	}
 	for range b.N {
 		for _, v := range testCases {
-			Sanitize(v[0], v[1])
+			SanitizeHTMLWithDefaultOptions(v[0], v[1])
 		}
 	}
 }
@ -46,7 +46,7 @@ func FuzzSanitizer(f *testing.F) {
 			i++
 		}

-		out := Sanitize("", orig)
+		out := SanitizeHTMLWithDefaultOptions("", orig)

 		tok = html.NewTokenizer(strings.NewReader(out))
 		j := 0
@ -62,7 +62,7 @@ func FuzzSanitizer(f *testing.F) {

 func TestValidInput(t *testing.T) {
 	input := `<p>This is a <strong>text</strong> with an image: <img src="http://example.org/" alt="Test" loading="lazy">.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if input != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, input, output)
@ -72,7 +72,7 @@ func TestValidInput(t *testing.T) {
 func TestImgWithWidthAndHeightAttribute(t *testing.T) {
 	input := `<img src="https://example.org/image.png" width="10" height="20">`
 	expected := `<img src="https://example.org/image.png" width="10" height="20" loading="lazy">`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if output != expected {
 		t.Errorf(`Wrong output: %s`, output)
@ -82,7 +82,7 @@ func TestImgWithWidthAndHeightAttribute(t *testing.T) {
 func TestImgWithWidthAndHeightAttributeLargerThanMinifluxLayout(t *testing.T) {
 	input := `<img src="https://example.org/image.png" width="1200" height="675">`
 	expected := `<img src="https://example.org/image.png" loading="lazy">`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if output != expected {
 		t.Errorf(`Wrong output: %s`, output)
@ -92,7 +92,7 @@ func TestImgWithWidthAndHeightAttributeLargerThanMinifluxLayout(t *testing.T) {
 func TestImgWithIncorrectWidthAndHeightAttribute(t *testing.T) {
 	input := `<img src="https://example.org/image.png" width="10px" height="20px">`
 	expected := `<img src="https://example.org/image.png" loading="lazy">`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if output != expected {
 		t.Errorf(`Wrong output: %s`, output)
@ -102,7 +102,7 @@ func TestImgWithIncorrectWidthAndHeightAttribute(t *testing.T) {
 func TestImgWithTextDataURL(t *testing.T) {
 	input := `<img src="data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==" alt="Example">`
 	expected := ``
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if output != expected {
 		t.Errorf(`Wrong output: %s`, output)
@ -112,7 +112,7 @@ func TestImgWithTextDataURL(t *testing.T) {
 func TestImgWithDataURL(t *testing.T) {
 	input := `<img src="data:image/gif;base64,test" alt="Example">`
 	expected := `<img src="data:image/gif;base64,test" alt="Example" loading="lazy">`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if output != expected {
 		t.Errorf(`Wrong output: %s`, output)
@ -122,7 +122,7 @@ func TestImgWithDataURL(t *testing.T) {
 func TestImgWithSrcsetAttribute(t *testing.T) {
 	input := `<img srcset="example-320w.jpg, example-480w.jpg 1.5x,   example-640w.jpg 2x, example-640w.jpg 640w" src="example-640w.jpg" alt="Example">`
 	expected := `<img srcset="http://example.org/example-320w.jpg, http://example.org/example-480w.jpg 1.5x, http://example.org/example-640w.jpg 2x, http://example.org/example-640w.jpg 640w" src="http://example.org/example-640w.jpg" alt="Example" loading="lazy">`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if output != expected {
 		t.Errorf(`Wrong output: %s`, output)
@ -132,7 +132,7 @@ func TestImgWithSrcsetAttribute(t *testing.T) {
 func TestImgWithSrcsetAndNoSrcAttribute(t *testing.T) {
 	input := `<img srcset="example-320w.jpg, example-480w.jpg 1.5x,   example-640w.jpg 2x, example-640w.jpg 640w" alt="Example">`
 	expected := `<img srcset="http://example.org/example-320w.jpg, http://example.org/example-480w.jpg 1.5x, http://example.org/example-640w.jpg 2x, http://example.org/example-640w.jpg 640w" alt="Example" loading="lazy">`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if output != expected {
 		t.Errorf(`Wrong output: %s`, output)
@ -142,7 +142,7 @@ func TestImgWithSrcsetAndNoSrcAttribute(t *testing.T) {
 func TestSourceWithSrcsetAndMedia(t *testing.T) {
 	input := `<picture><source media="(min-width: 800px)" srcset="elva-800w.jpg"></picture>`
 	expected := `<picture><source media="(min-width: 800px)" srcset="http://example.org/elva-800w.jpg"></picture>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if output != expected {
 		t.Errorf(`Wrong output: %s`, output)
@ -152,7 +152,7 @@ func TestSourceWithSrcsetAndMedia(t *testing.T) {
 func TestMediumImgWithSrcset(t *testing.T) {
 	input := `<img alt="Image for post" class="t u v ef aj" src="https://miro.medium.com/max/5460/1*aJ9JibWDqO81qMfNtqgqrw.jpeg" srcset="https://miro.medium.com/max/552/1*aJ9JibWDqO81qMfNtqgqrw.jpeg 276w, https://miro.medium.com/max/1000/1*aJ9JibWDqO81qMfNtqgqrw.jpeg 500w" sizes="500px" width="2730" height="3407">`
 	expected := `<img alt="Image for post" src="https://miro.medium.com/max/5460/1*aJ9JibWDqO81qMfNtqgqrw.jpeg" srcset="https://miro.medium.com/max/552/1*aJ9JibWDqO81qMfNtqgqrw.jpeg 276w, https://miro.medium.com/max/1000/1*aJ9JibWDqO81qMfNtqgqrw.jpeg 500w" sizes="500px" loading="lazy">`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if output != expected {
 		t.Errorf(`Wrong output: %s`, output)
@ -161,7 +161,7 @@ func TestMediumImgWithSrcset(t *testing.T) {

 func TestSelfClosingTags(t *testing.T) {
 	input := `<p>This <br> is a <strong>text</strong> <br/>with an image: <img src="http://example.org/" alt="Test" loading="lazy"/>.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if input != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, input, output)
@ -170,7 +170,7 @@ func TestSelfClosingTags(t *testing.T) {

 func TestTable(t *testing.T) {
 	input := `<table><tr><th>A</th><th colspan="2">B</th></tr><tr><td>C</td><td>D</td><td>E</td></tr></table>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if input != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, input, output)
@ -179,8 +179,8 @@ func TestTable(t *testing.T) {

 func TestRelativeURL(t *testing.T) {
 	input := `This <a href="/test.html">link is relative</a> and this image: <img src="../folder/image.png"/>`
-	expected := `This <a href="http://example.org/test.html" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">link is relative</a> and this image: <img src="http://example.org/folder/image.png" loading="lazy"/>`
-	output := Sanitize("http://example.org/", input)
+	expected := `This <a href="http://example.org/test.html" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">link is relative</a> and this image: <img src="http://example.org/folder/image.png" loading="lazy"/>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -189,8 +189,8 @@ func TestRelativeURL(t *testing.T) {

 func TestProtocolRelativeURL(t *testing.T) {
 	input := `This <a href="//static.example.org/index.html">link is relative</a>.`
-	expected := `This <a href="https://static.example.org/index.html" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">link is relative</a>.`
-	output := Sanitize("http://example.org/", input)
+	expected := `This <a href="https://static.example.org/index.html" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">link is relative</a>.`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -200,7 +200,7 @@ func TestProtocolRelativeURL(t *testing.T) {
 func TestInvalidTag(t *testing.T) {
 	input := `<p>My invalid <z>tag</z>.</p>`
 	expected := `<p>My invalid tag.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -210,7 +210,7 @@ func TestInvalidTag(t *testing.T) {
 func TestVideoTag(t *testing.T) {
 	input := `<p>My valid <video src="videofile.webm" autoplay poster="posterimage.jpg">fallback</video>.</p>`
 	expected := `<p>My valid <video src="http://example.org/videofile.webm" poster="http://example.org/posterimage.jpg" controls>fallback</video>.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -220,7 +220,7 @@ func TestVideoTag(t *testing.T) {
 func TestAudioAndSourceTag(t *testing.T) {
 	input := `<p>My music <audio controls="controls"><source src="foo.wav" type="audio/wav"></audio>.</p>`
 	expected := `<p>My music <audio controls><source src="http://example.org/foo.wav" type="audio/wav"></audio>.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -230,7 +230,7 @@ func TestAudioAndSourceTag(t *testing.T) {
 func TestUnknownTag(t *testing.T) {
 	input := `<p>My invalid <unknown>tag</unknown>.</p>`
 	expected := `<p>My invalid tag.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -240,7 +240,7 @@ func TestUnknownTag(t *testing.T) {
 func TestInvalidNestedTag(t *testing.T) {
 	input := `<p>My invalid <z>tag with some <em>valid</em> tag</z>.</p>`
 	expected := `<p>My invalid tag with some <em>valid</em> tag.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -250,7 +250,7 @@ func TestInvalidNestedTag(t *testing.T) {
 func TestInvalidIFrame(t *testing.T) {
 	input := `<iframe src="http://example.org/"></iframe>`
 	expected := ``
-	output := Sanitize("http://example.com/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.com/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -260,7 +260,27 @@ func TestInvalidIFrame(t *testing.T) {
 func TestIFrameWithChildElements(t *testing.T) {
 	input := `<iframe src="https://www.youtube.com/"><p>test</p></iframe>`
 	expected := `<iframe src="https://www.youtube.com/" sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox" loading="lazy"></iframe>`
-	output := Sanitize("http://example.com/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.com/", input)
+
+	if expected != output {
+		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
+	}
+}
+
+func TestLinkWithTarget(t *testing.T) {
+	input := `<p>This link is <a href="http://example.org/index.html">an anchor</a></p>`
+	expected := `<p>This link is <a href="http://example.org/index.html" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">an anchor</a></p>`
+	output := SanitizeHTML("http://example.org/", input, &SanitizerOptions{OpenLinksInNewTab: true})
+
+	if expected != output {
+		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
+	}
+}
+
+func TestLinkWithNoTarget(t *testing.T) {
+	input := `<p>This link is <a href="http://example.org/index.html">an anchor</a></p>`
+	expected := `<p>This link is <a href="http://example.org/index.html" rel="noopener noreferrer" referrerpolicy="no-referrer">an anchor</a></p>`
+	output := SanitizeHTML("http://example.org/", input, &SanitizerOptions{OpenLinksInNewTab: false})

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -270,7 +290,7 @@ func TestIFrameWithChildElements(t *testing.T) {
 func TestAnchorLink(t *testing.T) {
 	input := `<p>This link is <a href="#some-anchor">an anchor</a></p>`
 	expected := `<p>This link is <a href="#some-anchor">an anchor</a></p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -280,7 +300,7 @@ func TestAnchorLink(t *testing.T) {
 func TestInvalidURLScheme(t *testing.T) {
 	input := `<p>This link is <a src="file:///etc/passwd">not valid</a></p>`
 	expected := `<p>This link is not valid</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -289,8 +309,8 @@ func TestInvalidURLScheme(t *testing.T) {

 func TestAPTURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="apt:some-package?channel=test">valid</a></p>`
-	expected := `<p>This link is <a href="apt:some-package?channel=test" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="apt:some-package?channel=test" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -299,8 +319,8 @@ func TestAPTURIScheme(t *testing.T) {

 func TestBitcoinURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W">valid</a></p>`
-	expected := `<p>This link is <a href="bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -309,8 +329,8 @@ func TestBitcoinURIScheme(t *testing.T) {

 func TestCallToURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="callto:12345679">valid</a></p>`
-	expected := `<p>This link is <a href="callto:12345679" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="callto:12345679" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -319,16 +339,16 @@ func TestCallToURIScheme(t *testing.T) {

 func TestFeedURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="feed://example.com/rss.xml">valid</a></p>`
-	expected := `<p>This link is <a href="feed://example.com/rss.xml" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="feed://example.com/rss.xml" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}

 	input = `<p>This link is <a href="feed:https://example.com/rss.xml">valid</a></p>`
-	expected = `<p>This link is <a href="feed:https://example.com/rss.xml" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output = Sanitize("http://example.org/", input)
+	expected = `<p>This link is <a href="feed:https://example.com/rss.xml" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output = SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -337,8 +357,8 @@ func TestFeedURIScheme(t *testing.T) {

 func TestGeoURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="geo:13.4125,103.8667">valid</a></p>`
-	expected := `<p>This link is <a href="geo:13.4125,103.8667" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="geo:13.4125,103.8667" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -347,16 +367,16 @@ func TestGeoURIScheme(t *testing.T) {

 func TestItunesURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="itms://itunes.com/apps/my-app-name">valid</a></p>`
-	expected := `<p>This link is <a href="itms://itunes.com/apps/my-app-name" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="itms://itunes.com/apps/my-app-name" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}

 	input = `<p>This link is <a href="itms-apps://itunes.com/apps/my-app-name">valid</a></p>`
-	expected = `<p>This link is <a href="itms-apps://itunes.com/apps/my-app-name" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output = Sanitize("http://example.org/", input)
+	expected = `<p>This link is <a href="itms-apps://itunes.com/apps/my-app-name" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output = SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -365,8 +385,8 @@ func TestItunesURIScheme(t *testing.T) {

 func TestMagnetURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="magnet:?xt.1=urn:sha1:YNCKHTQCWBTRNJIV4WNAE52SJUQCZO5C&amp;xt.2=urn:sha1:TXGCZQTH26NL6OUQAJJPFALHG2LTGBC7">valid</a></p>`
-	expected := `<p>This link is <a href="magnet:?xt.1=urn:sha1:YNCKHTQCWBTRNJIV4WNAE52SJUQCZO5C&amp;xt.2=urn:sha1:TXGCZQTH26NL6OUQAJJPFALHG2LTGBC7" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="magnet:?xt.1=urn:sha1:YNCKHTQCWBTRNJIV4WNAE52SJUQCZO5C&amp;xt.2=urn:sha1:TXGCZQTH26NL6OUQAJJPFALHG2LTGBC7" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -375,8 +395,8 @@ func TestMagnetURIScheme(t *testing.T) {

 func TestMailtoURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="mailto:jsmith@example.com?subject=A%20Test&amp;body=My%20idea%20is%3A%20%0A">valid</a></p>`
-	expected := `<p>This link is <a href="mailto:jsmith@example.com?subject=A%20Test&amp;body=My%20idea%20is%3A%20%0A" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="mailto:jsmith@example.com?subject=A%20Test&amp;body=My%20idea%20is%3A%20%0A" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -385,24 +405,24 @@ func TestMailtoURIScheme(t *testing.T) {

 func TestNewsURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="news://news.server.example/*">valid</a></p>`
-	expected := `<p>This link is <a href="news://news.server.example/*" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="news://news.server.example/*" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}

 	input = `<p>This link is <a href="news:example.group.this">valid</a></p>`
-	expected = `<p>This link is <a href="news:example.group.this" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output = Sanitize("http://example.org/", input)
+	expected = `<p>This link is <a href="news:example.group.this" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output = SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}

 	input = `<p>This link is <a href="nntp://news.server.example/example.group.this">valid</a></p>`
-	expected = `<p>This link is <a href="nntp://news.server.example/example.group.this" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output = Sanitize("http://example.org/", input)
+	expected = `<p>This link is <a href="nntp://news.server.example/example.group.this" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output = SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -411,8 +431,8 @@ func TestNewsURIScheme(t *testing.T) {

 func TestRTMPURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="rtmp://mycompany.com/vod/mp4:mycoolvideo.mov">valid</a></p>`
-	expected := `<p>This link is <a href="rtmp://mycompany.com/vod/mp4:mycoolvideo.mov" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="rtmp://mycompany.com/vod/mp4:mycoolvideo.mov" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -421,16 +441,16 @@ func TestRTMPURIScheme(t *testing.T) {

 func TestSIPURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="sip:+1-212-555-1212:1234@gateway.com;user=phone">valid</a></p>`
-	expected := `<p>This link is <a href="sip:+1-212-555-1212:1234@gateway.com;user=phone" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="sip:+1-212-555-1212:1234@gateway.com;user=phone" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}

 	input = `<p>This link is <a href="sips:alice@atlanta.com?subject=project%20x&amp;priority=urgent">valid</a></p>`
-	expected = `<p>This link is <a href="sips:alice@atlanta.com?subject=project%20x&amp;priority=urgent" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output = Sanitize("http://example.org/", input)
+	expected = `<p>This link is <a href="sips:alice@atlanta.com?subject=project%20x&amp;priority=urgent" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output = SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -439,8 +459,8 @@ func TestSIPURIScheme(t *testing.T) {

 func TestSkypeURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="skype:echo123?call">valid</a></p>`
-	expected := `<p>This link is <a href="skype:echo123?call" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="skype:echo123?call" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -449,8 +469,8 @@ func TestSkypeURIScheme(t *testing.T) {

 func TestSpotifyURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="spotify:track:2jCnn1QPQ3E8ExtLe6INsx">valid</a></p>`
-	expected := `<p>This link is <a href="spotify:track:2jCnn1QPQ3E8ExtLe6INsx" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="spotify:track:2jCnn1QPQ3E8ExtLe6INsx" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -459,8 +479,8 @@ func TestSpotifyURIScheme(t *testing.T) {

 func TestSteamURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="steam://settings/account">valid</a></p>`
-	expected := `<p>This link is <a href="steam://settings/account" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="steam://settings/account" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -469,16 +489,16 @@ func TestSteamURIScheme(t *testing.T) {

 func TestSubversionURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="svn://example.org">valid</a></p>`
-	expected := `<p>This link is <a href="svn://example.org" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="svn://example.org" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}

 	input = `<p>This link is <a href="svn+ssh://example.org">valid</a></p>`
-	expected = `<p>This link is <a href="svn+ssh://example.org" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output = Sanitize("http://example.org/", input)
+	expected = `<p>This link is <a href="svn+ssh://example.org" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output = SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -487,8 +507,8 @@ func TestSubversionURIScheme(t *testing.T) {

 func TestTelURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="tel:+1-201-555-0123">valid</a></p>`
-	expected := `<p>This link is <a href="tel:+1-201-555-0123" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="tel:+1-201-555-0123" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -497,8 +517,8 @@ func TestTelURIScheme(t *testing.T) {

 func TestWebcalURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="webcal://example.com/calendar.ics">valid</a></p>`
-	expected := `<p>This link is <a href="webcal://example.com/calendar.ics" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="webcal://example.com/calendar.ics" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -507,8 +527,8 @@ func TestWebcalURIScheme(t *testing.T) {

 func TestXMPPURIScheme(t *testing.T) {
 	input := `<p>This link is <a href="xmpp:user@host?subscribe&amp;type=subscribed">valid</a></p>`
-	expected := `<p>This link is <a href="xmpp:user@host?subscribe&amp;type=subscribed" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">valid</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link is <a href="xmpp:user@host?subscribe&amp;type=subscribed" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">valid</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -518,7 +538,7 @@ func TestXMPPURIScheme(t *testing.T) {
 func TestBlacklistedLink(t *testing.T) {
 	input := `<p>This image is not valid <img src="https://stats.wordpress.com/some-tracker"></p>`
 	expected := `<p>This image is not valid </p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -527,8 +547,8 @@ func TestBlacklistedLink(t *testing.T) {

 func TestLinkWithTrackers(t *testing.T) {
 	input := `<p>This link has trackers <a href="https://example.com/page?utm_source=newsletter">Test</a></p>`
-	expected := `<p>This link has trackers <a href="https://example.com/page" rel="noopener noreferrer" target="_blank" referrerpolicy="no-referrer">Test</a></p>`
-	output := Sanitize("http://example.org/", input)
+	expected := `<p>This link has trackers <a href="https://example.com/page" rel="noopener noreferrer" referrerpolicy="no-referrer" target="_blank">Test</a></p>`
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -538,7 +558,7 @@ func TestLinkWithTrackers(t *testing.T) {
 func TestImageSrcWithTrackers(t *testing.T) {
 	input := `<p>This image has trackers <img src="https://example.org/?id=123&utm_source=newsletter&utm_medium=email&fbclid=abc123"></p>`
 	expected := `<p>This image has trackers <img src="https://example.org/?id=123" loading="lazy"></p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -548,7 +568,7 @@ func TestImageSrcWithTrackers(t *testing.T) {
 func TestPixelTracker(t *testing.T) {
 	input := `<p><img src="https://tracker1.example.org/" height="1" width="1"> and <img src="https://tracker2.example.org/" height="1" width="1"/></p>`
 	expected := `<p> and </p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -558,7 +578,7 @@ func TestPixelTracker(t *testing.T) {
 func TestXmlEntities(t *testing.T) {
 	input := `<pre>echo "test" &gt; /etc/hosts</pre>`
 	expected := `<pre>echo &#34;test&#34; &gt; /etc/hosts</pre>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -568,7 +588,7 @@ func TestXmlEntities(t *testing.T) {
 func TestEspaceAttributes(t *testing.T) {
 	input := `<td rowspan="<b>test</b>">test</td>`
 	expected := `<td rowspan="&lt;b&gt;test&lt;/b&gt;">test</td>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -578,7 +598,7 @@ func TestEspaceAttributes(t *testing.T) {
 func TestReplaceYoutubeURL(t *testing.T) {
 	input := `<iframe src="http://www.youtube.com/embed/test123?version=3&#038;rel=1&#038;fs=1&#038;autohide=2&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;wmode=transparent"></iframe>`
 	expected := `<iframe src="https://www.youtube-nocookie.com/embed/test123?version=3&amp;rel=1&amp;fs=1&amp;autohide=2&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox" loading="lazy"></iframe>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -588,7 +608,7 @@ func TestReplaceYoutubeURL(t *testing.T) {
 func TestReplaceSecureYoutubeURL(t *testing.T) {
 	input := `<iframe src="https://www.youtube.com/embed/test123"></iframe>`
 	expected := `<iframe src="https://www.youtube-nocookie.com/embed/test123" sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox" loading="lazy"></iframe>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -598,7 +618,7 @@ func TestReplaceSecureYoutubeURL(t *testing.T) {
 func TestReplaceSecureYoutubeURLWithParameters(t *testing.T) {
 	input := `<iframe src="https://www.youtube.com/embed/test123?rel=0&amp;controls=0"></iframe>`
 	expected := `<iframe src="https://www.youtube-nocookie.com/embed/test123?rel=0&amp;controls=0" sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox" loading="lazy"></iframe>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -608,7 +628,7 @@ func TestReplaceSecureYoutubeURLWithParameters(t *testing.T) {
 func TestReplaceYoutubeURLAlreadyReplaced(t *testing.T) {
 	input := `<iframe src="https://www.youtube-nocookie.com/embed/test123?rel=0&amp;controls=0" sandbox="allow-scripts allow-same-origin"></iframe>`
 	expected := `<iframe src="https://www.youtube-nocookie.com/embed/test123?rel=0&amp;controls=0" sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox" loading="lazy"></iframe>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -618,7 +638,7 @@ func TestReplaceYoutubeURLAlreadyReplaced(t *testing.T) {
 func TestReplaceProtocolRelativeYoutubeURL(t *testing.T) {
 	input := `<iframe src="//www.youtube.com/embed/Bf2W84jrGqs" width="560" height="314" allowfullscreen="allowfullscreen"></iframe>`
 	expected := `<iframe src="https://www.youtube-nocookie.com/embed/Bf2W84jrGqs" width="560" height="314" allowfullscreen="allowfullscreen" sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox" loading="lazy"></iframe>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -639,7 +659,7 @@ func TestReplaceYoutubeURLWithCustomURL(t *testing.T) {

 	input := `<iframe src="https://www.youtube.com/embed/test123?version=3&#038;rel=1&#038;fs=1&#038;autohide=2&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;wmode=transparent"></iframe>`
 	expected := `<iframe src="https://invidious.custom/embed/test123?version=3&amp;rel=1&amp;fs=1&amp;autohide=2&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox" loading="lazy"></iframe>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -649,7 +669,7 @@ func TestReplaceYoutubeURLWithCustomURL(t *testing.T) {
 func TestReplaceIframeVimedoDNTURL(t *testing.T) {
 	input := `<iframe src="https://player.vimeo.com/video/123456?title=0&amp;byline=0"></iframe>`
 	expected := `<iframe src="https://player.vimeo.com/video/123456?title=0&amp;byline=0&amp;dnt=1" sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox" loading="lazy"></iframe>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -659,7 +679,7 @@ func TestReplaceIframeVimedoDNTURL(t *testing.T) {
 func TestReplaceNoScript(t *testing.T) {
 	input := `<p>Before paragraph.</p><noscript>Inside <code>noscript</code> tag with an image: <img src="http://example.org/" alt="Test" loading="lazy"></noscript><p>After paragraph.</p>`
 	expected := `<p>Before paragraph.</p><p>After paragraph.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -669,7 +689,7 @@ func TestReplaceNoScript(t *testing.T) {
 func TestReplaceScript(t *testing.T) {
 	input := `<p>Before paragraph.</p><script type="text/javascript">alert("1");</script><p>After paragraph.</p>`
 	expected := `<p>Before paragraph.</p><p>After paragraph.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -679,7 +699,7 @@ func TestReplaceScript(t *testing.T) {
 func TestReplaceStyle(t *testing.T) {
 	input := `<p>Before paragraph.</p><style>body { background-color: #ff0000; }</style><p>After paragraph.</p>`
 	expected := `<p>Before paragraph.</p><p>After paragraph.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -689,7 +709,7 @@ func TestReplaceStyle(t *testing.T) {
 func TestHiddenParagraph(t *testing.T) {
 	input := `<p>Before paragraph.</p><p hidden>This should <em>not</em> appear in the <strong>output</strong></p><p>After paragraph.</p>`
 	expected := `<p>Before paragraph.</p><p>After paragraph.</p>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
@ -700,7 +720,7 @@ func TestAttributesAreStripped(t *testing.T) {
 	input := `<p style="color: red;">Some text.<hr style="color: blue"/>Test.</p>`
 	expected := `<p>Some text.<hr/>Test.</p>`

-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)
 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
 	}
@ -709,7 +729,7 @@ func TestAttributesAreStripped(t *testing.T) {
 func TestMathML(t *testing.T) {
 	input := `<math xmlns="http://www.w3.org/1998/Math/MathML"><msup><mi>x</mi><mn>2</mn></msup></math>`
 	expected := `<math xmlns="http://www.w3.org/1998/Math/MathML"><msup><mi>x</mi><mn>2</mn></msup></math>`
-	output := Sanitize("http://example.org/", input)
+	output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)

 	if expected != output {
 		t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)