sanitize_css sort of ignores allowed_css_properties

[willkg]

html5lib-python/html5lib/filters/sanitizer.py

Line 854 in 1a28d72

elif prop.split('-')[0].lower() in ['background', 'border', 'margin',

That elif section essentially means that those four style properties get allowed regardless of allowed_css_properties value.

For example, this text:

<p style="color: red; float: left; padding: 1em;">blah</p>

with this allowed_css_properties:

['color']

gives this:

<p style="color: red; padding: 1em;">blah</p>

[willkg]

Is it sufficient to change the code to something like this?:

if prop.lower() in self.allowed_css_properties:
    clean.append(prop + ': ' + value + ';')
elif (prop.split('-')[0].lower() in ['background', 'border', 'margin', 'padding']
        and prop.split('-')[0].lower() in self.allowed_css_properties):
    ...

If so, I can submit a PR. If not, let me know what you want to do and I can submit a PR for that.