fix: preserve img style attribute through HTML sanitization

ammonia strips style attributes by default; explicitly allow style on
<img> so that email layout styles (max-width:100%;height:auto;display:block)
added by style_images_for_email survive sanitize_html.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: yoyo930021

src/newsletter.rs

@@ -41,8 +41,13 @@ fn style_images_for_email(html: &str) -> String {
 
 /// Sanitize HTML for public web display: strip `<script>`, event handlers,
 /// and other dangerous elements while preserving formatting tags.
+/// The `style` attribute on `<img>` is explicitly allowed so that
+/// email-client layout styles (max-width, height:auto, display:block) survive.
 pub fn sanitize_html(html: &str) -> String {
-    ammonia::clean(html)
+    ammonia::Builder::default()
+        .add_tag_attributes("img", &["style"])
+        .clean(html)
+        .to_string()
 }
 
 /// Replace `%recipient_name%` placeholder with the subscriber's name.
@@ -607,6 +612,13 @@ mod tests {
         assert!(result.contains("https://coscup.org"));
     }
 
+    #[test]
+    fn test_sanitize_html_preserves_img_style() {
+        let html = r#"<img src="https://example.com/img.png" style="max-width:100%;height:auto;display:block;">"#;
+        let result = sanitize_html(html);
+        assert!(result.contains(r#"style="max-width:100%;height:auto;display:block;""#));
+    }
+
     #[test]
     fn test_sanitize_html_preserves_formatting() {
         let html = r#"<h1>Title</h1><p><strong>Bold</strong> and <em>italic</em></p><ul><li>Item</li></ul>"#;