fix(Markdown): render markdown in more secure way

This commit changes markdown sanitization behaviour in the following way:

class, style and data-* attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.

The original behavior of sanitizer (before this commit) can be enabled by *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.
This commit is contained in:
Vladimir Gorej
2020-06-11 14:54:40 +02:00
parent 48a0b46942
commit a616cb471d
22 changed files with 83 additions and 33 deletions


@@ -9,14 +9,15 @@ const parser = new Remarkable("commonmark")
parser.block.ruler.enable(["table"])
parser.set({ linkTarget: "_blank" })
export const Markdown = ({ source, className = "" }) => {
export const Markdown = ({ source, className = "", getConfigs }) => {
if(typeof source !== "string") {
return null
}
if ( source ) {
const { useUnsafeMarkdown } = getConfigs()
const html = parser.render(source)
const sanitized = sanitizer(html)
const sanitized = sanitizer(html, { useUnsafeMarkdown })
let trimmed
@@ -38,6 +39,11 @@ export const Markdown = ({ source, className = "" }) => {
Markdown.propTypes = {
source: PropTypes.string,
className: PropTypes.string,
getConfigs: PropTypes.func,
}
Markdown.defaultProps = {
getConfigs: () => ({ useUnsafeMarkdown: false }),
}
export default OAS3ComponentWrapFactory(Markdown)
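Review bot: The safe default is only guaranteed by `defaultProps`; once a caller supplies its own `getConfigs`, the destructuring `const { useUnsafeMarkdown } = getConfigs()` in the first hunk yields `undefined` when the key is absent and throws a TypeError when the function returns `null`/`undefined`, so the secure fallback then depends on how `sanitizer` treats a missing option rather than being stated at the call site. Pinning it here keeps the intent of the commit visible to the next reader: `const { useUnsafeMarkdown = false } = getConfigs() || {}`. A one-line JSDoc on the prop would also help, e.g. `// getConfigs: returns { useUnsafeMarkdown } — true re-enables class/style/data-* passthrough; keep false unless the markdown source is trusted`. The `Markdown` component body continues past the end of the first hunk, and the two hunks share this point, so the fix belongs in the first one.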