See also OWASP Java HTML Sanitizer
string.sanitizeHTML( policy=any )
Either a org.owasp.html.PolicyFactory or a String with built in Sanitizers.
If omitted then all of the built-in policies are applied.
The built in Sanitizers are: