Added new property com.openexchange.html.sanitizer.allowedUrlSchemes in file 'html-sanitizer.properties' to specify allowed protocols/schemas for URIs inside HTML content.

That property specifies a comma-separated list of allowed protocols. This is useful to deny possibly harmful URIs like: javascript:alert('Evil XSS') or vbscript:alert('Evil XSS')

Default is: http,https,ftp,ftps,mailto