Sanitizer API: Improve coverage

[JKingweb]

This change improve the coverage of the Sanitizer API Sanitizer object tests in a few areas:

• allowElement() with a data attribute when data attributes are already allowed
• The return values of setDataAttributes(), setComments() and removeUnsafe() (Chromium fails here)
• Modification of the attributes and elements lists when calling setDataAttributes(true)
• Modification of the attributes and elements lists when calling removeUnsafe()

The last of these might need to be changed because it tests something which is implementation-defined (event content attributes). I tried to pick attributes which wouldn't rely on a particular input method or anything but basic scripting features, though.

[otherdaniel]

Thank you very much!

[otherdaniel]

The last of these might need to be changed because it tests something which is implementation-defined (event content attributes). I tried to pick attributes which wouldn't rely on a particular input method or anything but basic scripting features, though.

Yeah, we struggled a bit with this: Event content handler attributes is a spec-defined term. The expectation is that when browsers introduce new event handlers that haven't made it into the spec yet, they'll also handle those. The current draft for the HTML spec goes further and just lists them. I think that gives us plenty examlpes to test against. :)