FIX: Don't allow `<button>` in posts either.

app/assets/javascripts/defer/html-sanitizer-bundle.js

@@ -831,14 +831,6 @@ html4.ATTRIBS = {
   'bdo::dir': 0,
   'blockquote::cite': 1,
   'br::clear': 0,
-  'button::accesskey': 0,
-  'button::disabled': 0,
-  'button::name': 8,
-  'button::onblur': 2,
-  'button::onfocus': 2,
-  'button::tabindex': 0,
-  'button::type': 0,
-  'button::value': 0,
   'canvas::height': 0,
   'canvas::width': 0,
   'caption::align': 0,
@@ -1035,7 +1027,6 @@ html4.ELEMENTS = {
   'blockquote': 0,
   'body': 305,
   'br': 2,
-  'button': 0,
   'canvas': 0,
   'caption': 0,
   'cite': 0,
@@ -1157,7 +1148,6 @@ html4.ELEMENT_DOM_INTERFACES = {
   'blockquote': 'HTMLQuoteElement',
   'body': 'HTMLBodyElement',
   'br': 'HTMLBRElement',
-  'button': 'HTMLButtonElement',
   'canvas': 'HTMLCanvasElement',
   'caption': 'HTMLTableCaptionElement',
   'cite': 'HTMLElement',

test/javascripts/lib/markdown_test.js

@@ -350,6 +350,7 @@ test("sanitize", function() {
          "<iframe src=\"https://www.google.com/maps/embed?pb=!1m10!1m8!1m3!1d2624.9983685732213!2d2.29432085!3d48.85824149999999!3m2!1i1024!2i768!4f13.1!5e0!3m2!1sen!2s!4v1385737436368\" width=\"100\" height=\"42\"></iframe>",
          "it allows iframe to google maps");
   equal(sanitize("<textarea>hullo</textarea>"), "hullo");
+  equal(sanitize("<button>press me!</button>"), "press me!");
 });
 
 test("URLs in BBCode tags", function() {