No, the whitelist is hardcoded and cannot be adjusted. However, the class attribute is in the whitelist and should be kept, you probably meant the style attribute? If you need a customized behavior you will have to use a different solution (like DOMParser which can parse HTML documents in Firefox 12).

As to older Firefox versions, you can parse XHTML data with DOMParser there. If you really have HTML then I am only aware of one way to parse it without immediately inserting it into a document (which might cause various security issues): range.createContextualFragment(). You need an HTML document for that, if you don’t have one – a hidden <iframe> loading about:blank will do as well. Here is how it works:

// Get the HTML document
var doc = document.getElementById("dummyFrame").contentDocument;

// Parse data
var fragment = doc.createRange().createContextualFragment(htmlData);

// Sanitize it
sanitizeData(fragment);

Here sanitizing the data is your own responsibility. You probably want to base your sanitization on Mozilla’s whitelist that I linked to above – remove all tags and attributes that are not on that list, also make sure to check the links. The style attribute is a special case: it used to be insecure but IMHO no longer is given than -moz-binding isn’t supported on the web any more.