diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4c7bdfbc..df15c024 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
+## unreleased
+
+### Fixes
+
+* Don't drop the `!important` rule from some CSS properties. [[#191](https://github.com/flavorjones/loofah/issues/191)] (Thanks, [@b7kich](https://github.com/b7kich)!)
+
+
 ## 2.6.0 / 2020-06-16
 ### Features
diff --git a/lib/loofah/html5/scrub.rb b/lib/loofah/html5/scrub.rb
index 6375d15a..e2e3d70e 100644
--- a/lib/loofah/html5/scrub.rb
+++ b/lib/loofah/html5/scrub.rb
@@ -8,6 +8,7 @@ module Scrub
 CONTROL_CHARACTERS = /[`\u0000-\u0020\u007f\u0080-\u0101]/
 CSS_KEYWORDISH = /\A(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|-?\d{0,3}\.?\d{0,10}(ch|cm|r?em|ex|in|lh|mm|pc|pt|px|Q|vmax|vmin|vw|vh|%|,|\))?)\z/
 CRASS_SEMICOLON = { :node => :semicolon, :raw => ";" }
+ CSS_IMPORTANT = '!important'
 class << self
 def allowed_element?(element_name)
@@ -90,6 +91,7 @@ def scrub_css(style)
 end
 end.compact
 unless value.empty?
+ value << CSS_IMPORTANT if node[:important]
 propstring = sprintf "%s:%s", name, value.join(" ")
 sanitized_node = Crass.parse_properties(propstring).first
 sanitized_tree << sanitized_node << CRASS_SEMICOLON
diff --git a/test/assets/testdata_sanitizer_tests1.dat b/test/assets/testdata_sanitizer_tests1.dat
index c7a5f063..a7298ac5 100644
--- a/test/assets/testdata_sanitizer_tests1.dat
+++ b/test/assets/testdata_sanitizer_tests1.dat
@@ -486,6 +486,14 @@ "rexml": "
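Review bot: The new `value << CSS_IMPORTANT if node[:important]` line in scrub_css needs a why-comment, because it is the only token in the rebuilt declaration that does not come out of the per-child filtering above it. Something like `# Crass reports the flag on the property node, not as a child; re-add it as a fixed literal so no input text is copied` would record why this is safe, though that reading is inferred from `node[:important]` being consulted separately from the mapped children and should be confirmed against Crass. Since the line sits inside `unless value.empty?`, a declaration whose values were all rejected still emits nothing, and a negative fixture (rejected value plus `!important` in the input) would pin that next to the single positive case this commit adds. Integrators may also want to know that sanitized styles can now outrank the host page's own non-important declarations for whatever properties are allowed. scrub_css starts and ends outside the hunk.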
" }, + { + "name": "style_attr_shorthand_important", + "input": "
", + "output": "
", + "xhtml": "
", + "rexml": "
" + }, + { "name": "attributes_with_embedded_quotes", "input": "",