Allow <s> on sanitize markdown

[corinagum]

Fixes #3565

Changelog Entry

• Fixes #3565. Allow strikethrough <s> on sanitize markdown, by @corinagum in PR #XXX

Description

Previously, only (deprecated) <strike> was allowed via sanitize, but now this will allow <s> as well.

markdown text ~~strikethrough~~ will now render as <s>strikethrough</s>

Design

Specific Changes

• Add <s> to allowed tags in renderMarkdown.js

• Add <del> and <ins> to allowed tags (currently causes no change in behavior; see Tags <ins> and <del> are not preserved when added to allowedTags apostrophecms/sanitize-html#449)

• I have added tests and executed them locally

• I have updated CHANGELOG.md

• I have updated documentation

Review Checklist

This section is for contributors to review your work.

• Accessibility reviewed (tab order, content readability, alt text, color contrast)
• Browser and platform compatibilities reviewed
• CSS styles reviewed (minimal rules, no z-index)
• Documents reviewed (docs, samples, live demo)
• Internationalization reviewed (strings, unit formatting)
• package.json and package-lock.json reviewed
• Security reviewed (no data URIs, check for nonce leak)
• Tests reviewed (coverage, legitimacy)

[compulim]

Thanks for such simple tests, no need snapshots. 👍🏻

Could you add <del> and <ins> to the whitelist too?

<del> is new in HTML5 to strikethrough texts. <ins> to emphasize adding of text. Samples below:

This is <del>

This is <ins>

[corinagum]

@compulim neither tag passes tests - looks like sanitize-html doesn't skip filtering <ins> and <del> even if they're added to allowedTags.

Filed an issue: apostrophecms/sanitize-html#449

no tests added for latest addition