diff --git a/lib/loofah/html5/whitelist.rb b/lib/loofah/html5/whitelist.rb
index 109356c1..619a81ad 100644
--- a/lib/loofah/html5/whitelist.rb
+++ b/lib/loofah/html5/whitelist.rb
@@ -92,7 +92,7 @@ module WhiteList
color-interpolation-filters color-rendering content cx cy d dx
dy descent display dur end fill fill-opacity fill-rule
filterRes filterUnits font-family
- font-size font-stretch font-style font-variant font-weight from fx fy g1
+ font-size font-stretch font-style font-variant font-weight fx fy g1
g2 glyph-name gradientUnits hanging height horiz-adv-x horiz-origin-x id
ideographic k keyPoints keySplines keyTimes lang marker-end
marker-mid marker-start markerHeight markerUnits markerWidth
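Review bot: Removing only `from` on the changed `font-size … g1` line closes one member of the SVG animation value family, and the rest of the list continues outside this hunk, so I cannot confirm the others are gone. If `to`, `by` or `values` are still allowed further down, they supply the animated attribute's value in the same way. They should either be dropped in this change or have their values checked against the allowed protocols before being kept. Separately, nothing near the list records why `from` is absent; a comment above the constant (outside this hunk) such as `# "from" is deliberately omitted: an SVG animate element can use it to set another attribute's value, see issue #154` would stop it being re-added when the list is next compared with another allowlist.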
diff --git a/test/integration/test_ad_hoc.rb b/test/integration/test_ad_hoc.rb
index 29af40be..ac1e28cc 100644
--- a/test/integration/test_ad_hoc.rb
+++ b/test/integration/test_ad_hoc.rb
@@ -188,8 +188,17 @@ def test_dont_remove_whitespace_between_tags
assert_equal %{example.com}, attributes.first.value
end
end
-
end
+ # see:
+ # - https://github.com/flavorjones/loofah/issues/154
+ # - https://hackerone.com/reports/429267
+ context "xss protection from svg xmlns:xlink animate attribute" do
+ it "sanitizes appropriate attributes" do
+ html = %Q{