FEATURE: Apply censor watched words to Oneboxes (PR #12902)

GitHub

The title of this pull request changed from “FEATURE: Censor Oneboxes” to "FEATURE: Apply censor watched words to Oneboxes

Maybe the CGI.unescape_html("■") should be extracted into a constant?

What happens if the regexp is “bad” and ends up matching a LOT. Can we add some kind of protection?