sanitize_config.rb in onebox-2.2.4

- old
+ new

@@ -8,10 +8,10 @@
     ONEBOX ||= freeze_config merge(RELAXED,
       elements: RELAXED[:elements] + %w[audio embed iframe source video svg path],
 
       attributes: {
         'a' => RELAXED[:attributes]['a'] + %w(target),
-        'audio' => %w[controls],
+        'audio' => %w[controls controlslist],
         'embed' => %w[height src type width],
         'iframe' => %w[allowfullscreen frameborder height scrolling src width data-original-href data-unsanitized-src],
         'source' => %w[src type],
         'video' => %w[controls height loop width autoplay muted poster controlslist playsinline],
         'path' => %w[d],