Include magnet scheme in sanitize HTML params

[zeroware]

Update HtmlUtils sanitze-html params to include the magnet scheme

[ara4n]

@dbkr: what do you think about this? I'm a bit worried about allowing more exotic schemes in case there are vulns in how they're implemented in some platforms (e.g. XSS attacks due to the URI handler managing to execute JS embedded in the URL or whatever).

@zeroware: for this to merge we'd also need it whitelisted in ios-sdk and android-sdk too for consistency. But hold off first until we get feedback on the above q.

[dbkr]

It's probably OK I think. It's only a concern if the browser manages to execute js in the URL in the course of parsing it or it being clicked on, and we shouldn't be doing any per-protocol parsing. If the thing that's handling the URL manages to execute arbitrary JS, it would have the same problem if that link were clicked from a website / email.

[ara4n]

ok. lgtm then.