This is an XSS vulnerability.
This also blocks a number of MD attributes that a user might attempt to
use.
The following are the allowed attributes.
['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i', 'li',
'ol', 'p', 'pre', 'strong', 'ul']
I believe this to be acceptable, as honestly, a speaker using H1 is going
to stomp all over the page and make it harder for the reviewer to parse.
UX wise, it's less than great. A user can do # title and be left with
<h1> in the sanitized output.
* Remove markitup (to be replaced with Ace editor)
* Use DUA decorators
* Removed custom signup bits
* Upgraded dependencies
* Added migrations
* Namespaced template locations
* Removed html5parser/sanitizer (for now) - parsing functionality
should be moved out entirely to a hooks
* Replaced ProposalScoreExpression object with a function that returns
F() expressions
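
The allowlist behaviour described in the first message, as an added example that is not the project's own code: a standard-library sanitizer run over already-rendered Markdown HTML, which escapes any tag outside the list so that `# title` shows up as a literal `<h1>`. The per-tag attribute allowlist and the permitted URL schemes are assumptions, since the message does not state them.

```python
from html import escape
from html.parser import HTMLParser

# Tag allowlist copied from the commit message above.
ALLOWED_TAGS = {'a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i',
                'li', 'ol', 'p', 'pre', 'strong', 'ul'}
# Assumptions: the message gives no attribute or URL-scheme allowlist.
ALLOWED_ATTRS = {'a': {'href', 'title'}, 'abbr': {'title'}, 'acronym': {'title'}}
SAFE_SCHEMES = ('http://', 'https://', 'mailto:')


class AllowlistSanitizer(HTMLParser):
    """Re-emit allowed tags; escape everything else so it renders as text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # Escape instead of dropping: the user sees a literal <h1>.
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # drops onclick, style, and any other attribute
            value = value or ''
            if name == 'href' and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # drops javascript:, data:, and relative URLs
            kept.append(f' {name}="{escape(value)}"')
        self.out.append(f'<{tag}{"".join(kept)}>')

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        text = f'</{tag}>'
        self.out.append(text if tag in ALLOWED_TAGS else escape(text))

    def handle_data(self, data):
        self.out.append(escape(data))


def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return ''.join(parser.out)
```

This sketch does not rebalance unclosed tags, so it suits output that a Markdown renderer has already produced as well-formed HTML.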