The sanitizer uses a whitelisting approach (as opposed to "blacklisting") to clean out everything that's not allowed.
It uses browser/DOM to parse the HTML by creating an invisible "sandboxed" iframe (hence the browser "front-end only" requirement) which makes it much faster than "pure JavaScript" sanitizers, or server-side sanitizers.
Tags allowed by default
a, abbr, b, blockquote, body, br, center, code, div, em, font, h1, h2, h3, h4, h5, h6, hr, i, img, label, li, ol, p, pre, small, source, span, strong, table, tbody, tr, td, th, thead, ul, u, video
align, color, controls, height, href, src, style, target, title, type, width
color, background-color, font-size, text-align, text-decoration, font-weight
Why create a front-end HTML sanitizer if the input has to be sanitized on the server anyway?
Users often copy-paste awful HTML generated by MS Word, MS Outlook or Apple Mail that needs a clean-up. Or you need to remove excessive formatting in a WYSIWYG editor. Or you need to display an (ugly) email message in a (beautiful) mobile app. Or (my favourite) you simply need to ease the load in the server-side sanitizer. And many other use-cases.
Based on: https://github.com/jitbit/HtmlSanitizer