sanitize-html not acknowledging allowedSchemes options

var sanitizeHtml = require("sanitize-html");

const ALLOWED_SCHEMES = ['http', 'https'];

const htmlStr = ''"><meta http-equiv="refresh" content="0;url=file:///etc/passwd" />';

const cleanedHTML = sanitizeHtml(htmlStr, {
    allowedAttributes: false,
    allowedTags: false,
    allowVulnerableTags: true,
    allowedSchemes: ALLOWED_SCHEMES,
    allowProtocolRelative: false,
    disallowedTagsMode: 'completelyDiscard',
    allowedSchemesByTag: {
        img: [...ALLOWED_SCHEMES, 'data']
    },
});

console.log(cleanedHTML);

Actual behavior

'"&gt;<meta http-equiv="refresh" content="0;url=file:///etc/passwd" />

Expected behavior

'"&gt;<meta http-equiv="refresh" content="0" />

**Description of the issue: **
Even though I have configured to allow only ‘http’ and ‘https’ schemes, ‘file’ scheme is getting allowed in content="0;url=file:///etc/passwd attribute

Details:

Version of Node.js: 18 LTS

2.13.1 version of sanitize-html npm dependency https://www.npmjs.com/package/sanitize-html