Unplanned
Last Updated: 21 Jan 2020 13:08 by ADMIN
Imported User
Created on: 19 Jan 2017 01:13
Category: Editor
Type: Feature Request
7
Allow customization of generated HTML
The Editor is currently very reliant on inline styles. Inline styles can be used for XSS attacks, and per the OWASP guidelines they should be sanitized: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.234_-_CSS_Escape_And_Strictly_Validate_Before_Inserting_Untrusted_Data_into_HTML_Style_Property_Values

This is not easy to do "after the fact", as it needs to be two-way.

Suggest that the editor can be customized similar to TinyMCE (https://www.tinymce.com/docs/configure/content-formatting/#exampleofusageoftheformatsoption) to allow classes rather than inline styles.
0 comments
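The request above asks for two things: that the generated HTML carry classes instead of inline `style` attributes (so untrusted style values never reach the page), and that the conversion be two-way so the editor can still render the content it loads back. The following added example is not Telerik, Kendo UI or TinyMCE code; it is a small Python rewriter built on the standard library's `html.parser` that shows both directions over a constructed allowlist. The class names in `STYLE_TO_CLASS` are assumptions for the example. Only `style` and `class` are rewritten; other tags and attributes pass through, so in practice this mapping step sits in front of a real HTML sanitizer rather than replacing it.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist: the only inline declarations the application accepts,
# each mapped to a class. Class names are assumptions for this example, not
# Kendo UI or TinyMCE configuration. Anything not listed is dropped on output.
STYLE_TO_CLASS = {
    ("text-align", "center"): "align-center",
    ("text-align", "right"): "align-right",
    ("font-weight", "bold"): "bold",
    ("text-decoration", "underline"): "underline",
}
CLASS_TO_STYLE = {cls: decl for decl, cls in STYLE_TO_CLASS.items()}
VOID_TAGS = {"br", "hr", "img", "input"}


def parse_declarations(style):
    """Split a style attribute into lower-cased (property, value) pairs."""
    decls = []
    for part in style.split(";"):
        prop, sep, value = part.partition(":")
        if sep:
            decls.append((prop.strip().lower(), value.strip().lower()))
    return decls


class _Rewriter(HTMLParser):
    """Re-serialises HTML, rewriting only the style and class attributes.

    Text is re-escaped and comments are dropped; tags and other attributes
    pass through unchanged, so this is the mapping step only, not a sanitizer.
    """

    def __init__(self, to_classes):
        super().__init__()
        self.to_classes = to_classes
        self.out = []
        self.dropped = []  # unmapped declarations, kept as an audit trail

    def _rewrite_attrs(self, attrs):
        classes, styles, rest = [], [], []
        for name, value in attrs:
            value = value or ""  # bare attributes arrive as None
            if name == "class":
                classes.extend(value.split())
            elif name == "style":
                styles.extend(parse_declarations(value))
            else:
                rest.append((name, value))
        if self.to_classes:
            # Outbound: every declaration must map to a class or it is removed.
            for decl in styles:
                cls = STYLE_TO_CLASS.get(decl)
                if cls:
                    classes.append(cls)
                else:
                    self.dropped.append(decl)
            styles = []
        else:
            # Inbound: known classes become the inline styles the editor expects.
            kept = []
            for cls in classes:
                if cls in CLASS_TO_STYLE:
                    styles.append(CLASS_TO_STYLE[cls])
                else:
                    kept.append(cls)
            classes = kept
        if classes:
            rest.append(("class", " ".join(dict.fromkeys(classes))))
        if styles:
            rest.append(("style", "; ".join(f"{p}: {v}" for p, v in styles)))
        return "".join(f' {n}="{escape(v, quote=True)}"' for n, v in rest)

    def handle_starttag(self, tag, attrs):
        self.out.append(f"<{tag}{self._rewrite_attrs(attrs)}>")

    def handle_startendtag(self, tag, attrs):
        self.out.append(f"<{tag}{self._rewrite_attrs(attrs)} />")

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is re-escaped on output

    def handle_comment(self, data):
        pass  # comments are not content; drop them


def styles_to_classes(html):
    """Outbound direction: strip inline styles, emit classes. Returns (html, dropped)."""
    parser = _Rewriter(to_classes=True)
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.dropped


def classes_to_styles(html):
    """Inbound direction: restore the inline styles the editor understands."""
    parser = _Rewriter(to_classes=False)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed sample of editor output: one allowed and one unlisted declaration.
SAMPLE = ('<p style="text-align: center; color: red">Hi <b style="font-weight: bold">there</b>'
          ' &amp;<!-- note --> bye<br/></p>')

if __name__ == "__main__":
    stored, dropped = styles_to_classes(SAMPLE)
    print(stored)                    # class-based HTML, safe to persist
    print(dropped)                   # [('color', 'red')]
    print(classes_to_styles(stored))  # inline styles back for the editor
```

The round trip is lossless only for declarations in the allowlist, which is the point: the table is the single place where a reviewer decides what styling the application supports, and anything outside it never becomes a `style` attribute in rendered pages.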