Fix HTML exploit of the day (shout-float in rich media)

fix classes and style not being stripped from rich content.

enabled an automatic merge when the pipeline for 7fed35a6 succeeds

aborted the automatic merge because source branch was updated

added 1 commit

• 74813864 - fix tests

Compare with previous version

enabled an automatic merge when the pipeline for 74813864 succeeds

mentioned in commit 6175a153

merged

This doesn't seems to still allow <img class="emoji"/> which seems a bit wrong.

btw backend side of things: pleroma!3792 (merged)

well, we add emoji ourselves so it doesn't really matters that much I think. I don't remember any software that adds emoji into the post body that is federated outwards. Old pleroma used to replace emoji with html but that's extremely old and probably not supported (since that still used the better QvitterAPI)