Disallow style tag and attributes from DOMPurify's default config
This a defense in depth issue created from #342988 (closed).
Proposal
// add <style> elements to block-list
var clean = DOMPurify.sanitize(dirty, {FORBID_TAGS: ['style']});
// add style attributes to block-list
var clean = DOMPurify.sanitize(dirty, {FORBID_ATTR: ['style']});
Edited by Dheeraj Joshi