Sanitize css before sending to Anki

[Kuuuube]

Prevents malformed css from making it to Anki. Browsers already sanitize css when adding it to the DOM so there's no need to add sanitization there.

[stephenmk]

A CSS parser such as the one provided by CSSStyleSheet will also be needed to resolve issue #1500, so it may be worthwhile to either require the functionality (i.e., produce a fatal error if it's not implemented by the user's browser rather than quietly failing) or include it in some third party library.

[Kuuuube]

The reason for adding that is I highly suspect it isn't available in kiwi browser (to avoid #1701 part 2). Full on breaking compatibility with kiwi is a no-go since so many people use it for yomitan on android.

@jamesmaa if you could test if this that would be appreciated. KTY dicts are an easy test since all of the term dicts have a styles.css included. Or just run this in console and see if it errors:

sanitizer = new CSSStyleSheet();
sanitizer.replaceSync(".test { color: red; }");
[...sanitizer.cssRules].map((rule) => rule.cssText || '').join('\n');

It also does log the failures.

[stephenmk]

For what it's worth, csstree seems to be standards-compliant, actively developed, and usable within a browser. Maybe it could be used to parse CSS without introducing a dependency upon new specific browser features.

[djahandarie]

I agree we should test on kiwi, but my understanding is that:

• The latest version of kiwi (124.0.6327.3) is based on Chromium 116
• CSSStylesheet() constructor has been available since Chromium 76
• replaceSync function has been available since Chromium 76

So I think it will probably be fine.

Pulling in new node deps and shipping them with the extension is best to avoid if possible.

[jamesmaa]

Seems to have worked on kiwi