From 50931f4a4309f34bc15daf4ff2f3d649e7972448 Mon Sep 17 00:00:00 2001
From: Christian Kissner
Date: Tue, 25 Aug 2020 17:00:04 +0000
Subject: [PATCH] scrub_css should not drop `!important` from shorthand css props part of #191
---
 lib/loofah/html5/scrub.rb | 2 ++
 test/assets/testdata_sanitizer_tests1.dat | 8 ++++++++
 2 files changed, 10 insertions(+)
diff --git a/lib/loofah/html5/scrub.rb b/lib/loofah/html5/scrub.rb
index 6375d15a..8a4c806d 100644
--- a/lib/loofah/html5/scrub.rb
+++ b/lib/loofah/html5/scrub.rb
@@ -8,6 +8,7 @@ module Scrub
 CONTROL_CHARACTERS = /[`\u0000-\u0020\u007f\u0080-\u0101]/
 CSS_KEYWORDISH = /\A(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|-?\d{0,3}\.?\d{0,10}(ch|cm|r?em|ex|in|lh|mm|pc|pt|px|Q|vmax|vmin|vw|vh|%|,|\))?)\z/
 CRASS_SEMICOLON = { :node => :semicolon, :raw => ";" }
+ CSS_IMPORTANT = '!important'
 class << self
 def allowed_element?(element_name)
@@ -90,6 +91,7 @@ def scrub_css(style)
 end
 end.compact
 unless value.empty?
+ value += [CSS_IMPORTANT] if node[:important]
 propstring = sprintf "%s:%s", name, value.join(" ")
 sanitized_node = Crass.parse_properties(propstring).first
 sanitized_tree << sanitized_node << CRASS_SEMICOLON
diff --git a/test/assets/testdata_sanitizer_tests1.dat b/test/assets/testdata_sanitizer_tests1.dat
index c7a5f063..b5646464 100644
--- a/test/assets/testdata_sanitizer_tests1.dat
+++ b/test/assets/testdata_sanitizer_tests1.dat
@@ -486,6 +486,14 @@ "rexml": "
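Review bot: The new `value += [CSS_IMPORTANT] if node[:important]` line in scrub_css sits in the sanitizer's output path and should carry a comment saying why re-emitting the token is safe, for example `# node[:important] is the parser's flag; only the fixed CSS_IMPORTANT token is appended, never raw input text`. That reading assumes Crass sets `:important` as a boolean on property nodes, which the hunk does not show. Because the line is inside `unless value.empty?`, a shorthand declaration whose values were all rejected still emits nothing, but the added fixture appears to cover only the kept-value case; a second fixture pairing a rejected value with `!important` would pin that behaviour. As a style point, `value << CSS_IMPORTANT if node[:important]` avoids building a throwaway array. scrub_css begins and ends outside this hunk.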
" }, + { + "name": "style_attr_shorhand_important", + "input": "
", + "output": "
", + "rexml": "
" + }, + { "name": "attributes_with_embedded_quotes", "input": "",