Update HTML parser to use an IFRAME

Gives us better sandboxing of unsafe HTML content

core/modules/parsers/htmlparser.js

@@ -13,9 +13,18 @@ The HTML parser displays text as raw HTML
 "use strict";
 
 var HtmlParser = function(type,text,options) {
+	var src;
+	if(options._canonical_uri) {
+		src = options._canonical_uri;
+	} else if(text) {
+		src = "data:text/html," + encodeURIComponent(text);
+	}
 	this.tree = [{
-		type: "raw",
-		html: text
+		type: "element",
+		tag: "iframe",
+		attributes: {
+			src: {type: "string", value: src}
+		}
 	}];
 };