Paste sanitizers not working (?)

[Durss]

Describe the bug
I'm trying to use the sanitizers on PastePlugin, but no matter what I try they do not seem executed.
Bellow I set up a sandbox that is supposed to strip out some styles like color or background-color thanks to the styleSanitizers option and it should drop b, ul and li tags thanks to additionalDisallowedTags but none of them seem to apply.
styleSanitizers callback do not seem to be ever called, I get no log on the console.

At this point I don't know if I'm not understanding how this feature works/what it's supposed to do or if it's completely broken 😅

Here is a simple code implementing it:

const pastePlugin = new PastePlugin(false, {
  additionalAllowedTags: [],
  additionalDisallowedTags: ["b", "strong", "ul", "li"],
  styleSanitizers: {
    "font-family": false,
    "font-weight": false,
    color: false,
    background: false,
    "background-color": false,
  },
  attributeSanitizers: {},
});
new Editor(editorRef.value, {
  plugins: [new EditPlugin(), pastePlugin],
  initialModel: createModelFromHtml(``),
});

To Reproduce
Steps to reproduce the behavior:

1. Go to this sandbox
2. Click on "Paste content" or manually paste formatted text
3. Formatted text is pushed to the editor with no cleanup

Expected behavior
At least font-family, color and background-color should be stripped out.
b, uland li tags should be dropped

Hints to track issues
I tried to track down the source code where things could break, I'm suspecting the wildcard selector on createDomToModelContextForSanitizing.ts L.56 to not work.
If I manually add tags to this list, styles get properly cleaned up:

                '*': createPasteGeneralProcessor(sanitizingOption),
                // Manually added tags
                div: createPasteGeneralProcessor(sanitizingOption),
                span: createPasteGeneralProcessor(sanitizingOption),
                p: createPasteGeneralProcessor(sanitizingOption),
                b: createPasteGeneralProcessor(sanitizingOption),
                i: createPasteGeneralProcessor(sanitizingOption),
                u: createPasteGeneralProcessor(sanitizingOption),
                strong: createPasteGeneralProcessor(sanitizingOption),
                em: createPasteGeneralProcessor(sanitizingOption),
                blockquote: createPasteGeneralProcessor(sanitizingOption),
                section: createPasteGeneralProcessor(sanitizingOption),
                a: createPasteGeneralProcessor(sanitizingOption),
                ul: createPasteGeneralProcessor(sanitizingOption),
                li: createPasteGeneralProcessor(sanitizingOption),
                font: createPasteGeneralProcessor(sanitizingOption),
                h1: createPasteGeneralProcessor(sanitizingOption),
                h2: createPasteGeneralProcessor(sanitizingOption),
                h3: createPasteGeneralProcessor(sanitizingOption),
                h4: createPasteGeneralProcessor(sanitizingOption),
                h5: createPasteGeneralProcessor(sanitizingOption),
                h6: createPasteGeneralProcessor(sanitizingOption),

That's definitely not a good solution and it doesn't solve the other issue where additionalDisallowedTags tags are not stripped out but that may give you some hints.

Device Information

• OS: Mac 26.2
• Browser: Vivaldi 7.7.3851.67
• Chromium: 142.0.7444.267
• Rooster: 9.45.2

[BryanValverdeU]

Hello,
We are only using these sanitizing options for general model, general models are those that currently dont have a dedicated processor in the library at the moment, so we use this option to sanitize those specific cases.

We dont have an official fix for this at the moment, however you can handle the beforePasteEvent and override the element procesor like:

import {
    AllowedTags,
    DisallowedTags,
    sanitizeElement,
} from 'roosterjs-content-model-core/lib/command/createModelFromHtml/sanitizeElement';

if (event.eventType == 'beforePaste') {

        if (!event.domToModelOption.processorOverride) {
            event.domToModelOption.processorOverride = {};
        }

        event.domToModelOption.processorOverride.element = (group, element, context) => {
            const allowedTags = AllowedTags.concat(event.domToModelOption.additionalAllowedTags);
            const disallowedTags = DisallowedTags.concat(
                event.domToModelOption.additionalDisallowedTags
            );
            const styleSanitizers = Object.assign({}, event.domToModelOption.styleSanitizers);
            const attrSanitizers = event.domToModelOption.attributeSanitizers;

            const sanitizedElement = sanitizeElement(
                element,
                allowedTags,
                disallowedTags,
                styleSanitizers,
                attrSanitizers
            );
            if (sanitizedElement) {
                context.defaultElementProcessors.element(group, sanitizedElement, context);
            }
        };

}

I will add a comment to this param, looks like we missed adding it.