
Strip malformed nested tags

Open ashokak opened this issue 10 years ago • 0 comments

The main aim here is to prevent constructions like this from resulting in a script tag in the output:

This is <a href="#html">HTML</a> with a <scr<script></script>ipt src="evil.js">SCRIPT

The other changes are:

  • to add tests for the blacklist mode of sanitize
  • to clear style and script blocks, including their bodies, even when the closing tag has any content (including just whitespace)

Please let me know if you'd rather have any of these parts as individual pull requests.

ashokak, May 26 '15 10:05
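
The construction quoted in the issue defeats a sanitizer that removes blocked tags in a single pass: deleting the inner script pair joins the fragments on either side into a new script tag. The sketch below is an added example, not bleach's code and not the change in this pull request; stripOnce, stripUntilStable and containsBlockedTag are hypothetical helpers, and the blocked-tag list is an assumption.

```javascript
// Constructed input: the construction quoted in the issue text.
const SAMPLE =
  'This is <a href="#html">HTML</a> with a <scr<script></script>ipt src="evil.js">SCRIPT';

// Tags to remove in this sketch (assumption, standing in for a blacklist mode).
const BLOCKED = ['script', 'style'];

// Build a regex matching an opening or closing tag for any blocked name.
// [^>]* also covers closing tags that carry content, such as "</script >".
function blockedTagPattern(blocked, flags) {
  return new RegExp(`<\\/?\\s*(?:${blocked.join('|')})\\b[^>]*>`, flags);
}

// Single pass: every blocked tag present in the input right now is deleted.
// Tags that only come into existence because of a deletion are missed.
function stripOnce(html, blocked = BLOCKED) {
  return html.replace(blockedTagPattern(blocked, 'gi'), '');
}

// Repeat the pass until the output stops changing. Each changing pass
// shortens the string, so the loop always terminates.
function stripUntilStable(html, blocked = BLOCKED) {
  let previous;
  let current = html;
  do {
    previous = current;
    current = stripOnce(current, blocked);
  } while (current !== previous);
  return current;
}

// Check used after sanitizing: does any blocked tag remain?
function containsBlockedTag(html, blocked = BLOCKED) {
  return blockedTagPattern(blocked, 'i').test(html);
}

console.log('single pass :', stripOnce(SAMPLE));
console.log('until stable:', stripUntilStable(SAMPLE));
```

Regex stripping is used here only to make the failure visible; re-checking the output with containsBlockedTag is the property a regression test for this issue would assert.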