Remove DOMPurify attribute sanitization

Due to a bug in DOMPurify, we had to implement
potentially dangerous data-* attribute sanitization using
hooks. These checks can be removed now as they are
no longer needed.

This will allow v-safe-html to configure if it should allow
these attributes for inputs that are safe.

This reverts changes introduced in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65301

Changelog: changed

app/assets/javascripts/lib/dompurify.js

 import { sanitize as dompurifySanitize, addHook } from 'dompurify';
 import { getBaseURL, relativePathToAbsolute } from '~/lib/utils/url_utility';
 
-// Safely allow SVG <use> tags
-
 const defaultConfig = {
+  // Safely allow SVG <use> tags
   ADD_TAGS: ['use'],
+  // Prevent possible XSS attacks with data-* attributes used by @rails/ujs
+  // See https://gitlab.com/gitlab-org/gitlab-ui/-/issues/1421
+  FORBID_ATTR: ['data-remote', 'data-url', 'data-type', 'data-method'],
 };
 
-const forbiddenDataAttrs = ['data-remote', 'data-url', 'data-type', 'data-method'];
-
 // Only icons urls from `gon` are allowed
 const getAllowedIconUrls = (gon = window.gon) =>
   [gon.sprite_file_icons, gon.sprite_icons].filter(Boolean);
@@ -46,19 +46,10 @@ const sanitizeSvgIcon = (node) => {
   removeUnsafeHref(node, 'xlink:href');
 };
 
-const sanitizeHTMLAttributes = (node) => {
-  forbiddenDataAttrs.forEach((attr) => {
-    if (node.hasAttribute(attr)) {
-      node.removeAttribute(attr);
-    }
-  });
-};
-
 addHook('afterSanitizeAttributes', (node) => {
   if (node.tagName.toLowerCase() === 'use') {
     sanitizeSvgIcon(node);
   }
-  sanitizeHTMLAttributes(node);
 });
 
 export const sanitize = (val, config = defaultConfig) => dompurifySanitize(val, config);