Discourse generates the cooked HTML in the browser, right? And sends it together with the raw markdown to the server and saves it server side? (Without re-rendering the HTML from the markdown server side)
Do you sanitize the HTML server side, with some Ruby tool then I suppose?
Best regards, KajMagnus