apostrophecms / sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance

Stripping class attribute even when configured under allowedAttributes

aysiscore opened this issue · comments

I have configured sanitize-html like this:

allowedTags: ['p', 'aside', 'h2', 'h3', 'h4', 'figure', 'br', 'em', 'strong', 'a', 'ol', 'ul', 'li', 'blockquote', 'table', 'th', 'tr', 'td', 'caption', 'colgroup', 'col', 'thead', 'tbody', 'tfoot'],
allowedAttributes: {
  'a': ['href', 'name', 'target', 'rel', 'class'],
  'aside': ['class'],
  '*': ['class']
},
selfClosing: ['br']

When I send the following content to the server before sanitize-html is called it is like this:

<p>The PM claimed he hadn’t broken rules because nobody had told him the rules, which he wrote</p>
<aside class="infosnippet"><p>[[Snippet Placeholder]]</p></aside>

Once I run sanitize-html on the above content the class attribute on the <aside> tag is being stripped, so I end up with this:

<p>The PM claimed he hadn’t broken rules because nobody had told him the rules, which he wrote</p>
<aside><p>[[Snippet Placeholder]]</p></aside>

Looking at the docs I believe I have configured it properly to allow class attributes on the aside tag and in fact ALL tags using the wildcard.

Is this a configuration issue or a bug?

Once you add it to allowedAttributes, you'll need to look at allowedClasses.

Even with allowedClasses: [*] or allowedClasses: ['infosnippet'] it strips the class attribute out of the tag.

Please reopen as it's not solved.

Did you add class to allowedAttributes? If you did then please provide a failing unit test showing the problem.