Merge pull request #167 from jobscore/allow-html-property-contentedit…

…able Allow HTML property: contenteditable
flavorjones · Sep 28, 2019 · 6385822 · 6385822
2 parents ffd695c + f70928c
commit 6385822
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@
 * Expand set of allowed CSS functions. [related to #122]
 * Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
 * Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
+* Allow HTML property `contenteditable`
 
 
 ### Bug fixes

diff --git a/lib/loofah/html5/whitelist.rb b/lib/loofah/html5/whitelist.rb
@@ -243,6 +243,7 @@ module WhiteList
                                         "cols",
                                         "colspan",
                                         "compact",
+                                        "contenteditable",
                                         "coords",
                                         "datetime",
                                         "dir",

diff --git a/test/html5/test_sanitizer.rb b/test/html5/test_sanitizer.rb
@@ -110,6 +110,13 @@ def test_should_allow_multi_word_data_attributes
     check_sanitization(input, htmloutput, output, output)
   end
 
+  def test_should_allow_contenteditable
+    input = '<p contenteditable="false">Hi!</p>'
+    output = '<p contenteditable="false">Hi!</p>'
+
+    check_sanitization(input, output, output, output)
+  end
+
   ##
   ##  libxml2 downcases attributes, so this is moot.
   ##