Description
At the moment `HtmlSanitizerConfig::class` is defaulting to `dropAll`. Then we can "upgrade" some elements / attributes to be "blocked" or even "allowed". If we want to allow things then we have per-element methods and the two methods `allowSafeElements` & `allowStaticElements`.

If we want to have everything blocked (as opposed to dropped) then we have to list all elements that we want to block manually. There is no easy way.

I think this should be the default behaviour on form inputs: if the user writes `<h1>My Title</h1>` I expect the tool to block any HTML tag by default instead of either dropping it (with a custom sanitizer and empty configuration) or just sanitizing attributes (with default sanitizer).

WDYT?
Example

```yaml
framework:
    html_sanitizer:
        sanitizers:
            block_all:
                block_all_known: true
                allow_elements:
                    b: '*'
                    i: '*'
                    ul: '*'
                    li: '*'
```
```php
<?php
$sanitizer->sanitize(<<<'HTML'
<h1>My Title</h1>
<ul>
    <li><h3>Something :</h3> Hello there
</ul>
HTML
);

/*
Would output:
My Title
<ul>
    <li>Something : Hello there
</ul>
*/
```
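For comparison, this is what the "block everything known, then re-allow a few tags" behaviour looks like with the component's existing `HtmlSanitizerConfig` API. This is an added example, not code from the issue or from Symfony itself; it assumes `symfony/html-sanitizer` is installed via Composer, and the `$knownElements` list is a constructed, partial list of HTML element names (the real thing would need the full HTML element list, which is exactly the manual work the proposal wants to remove).

```php
<?php
// Added example: emulate "block all known elements, allow b/i/ul/li"
// with the existing HtmlSanitizerConfig API.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;

// Constructed, partial list of HTML elements (not the component's own list).
$knownElements = [
    'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'div', 'span', 'a', 'img',
    'table', 'thead', 'tbody', 'tr', 'th', 'td', 'blockquote', 'pre', 'code',
    'em', 'strong', 'b', 'i', 'ul', 'ol', 'li', 'br', 'hr', 'section', 'article',
];

// The config is immutable: every call returns a new instance.
$config = new HtmlSanitizerConfig();

// "Block" = strip the tag but keep its children (text survives).
// Elements that are neither allowed nor blocked are dropped with their content.
foreach ($knownElements as $element) {
    $config = $config->blockElement($element);
}

// Re-allow the handful of tags we actually want. allowElement() removes the
// element from the blocked list. An empty attribute list keeps the surface
// minimal (no href/src/style/on* attributes on these tags).
foreach (['b', 'i', 'ul', 'li'] as $element) {
    $config = $config->allowElement($element, []);
}

$sanitizer = new HtmlSanitizer($config);

// Same input as the issue. h1/h3 are unwrapped (text kept), ul/li are kept.
echo $sanitizer->sanitize(<<<'HTML'
<h1>My Title</h1>
<ul>
    <li><h3>Something :</h3> Hello there</li>
</ul>
HTML
);
```

Any element missing from `$knownElements` is still dropped together with its content, which is the gap the `block_all_known` option is meant to close.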