From f70928cbad964d01c1a163bde6071437a2a35609 Mon Sep 17 00:00:00 2001
From: Andrey Nering
Date: Tue, 21 May 2019 11:31:38 -0300
Subject: [PATCH] Allow HTML property: contenteditable
---
 CHANGELOG.md | 1 +
 lib/loofah/html5/whitelist.rb | 1 +
 test/html5/test_sanitizer.rb | 7 +++++++
 3 files changed, 9 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 27a169a4..d793a386 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@
 * Expand set of allowed CSS functions. [related to #122]
 * Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
 * Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
+* Allow HTML property `contenteditable`
 ### Bug fixes
diff --git a/lib/loofah/html5/whitelist.rb b/lib/loofah/html5/whitelist.rb
index 467c1d6d..9d65c212 100644
--- a/lib/loofah/html5/whitelist.rb
+++ b/lib/loofah/html5/whitelist.rb
@@ -243,6 +243,7 @@ module WhiteList
 "cols",
 "colspan",
 "compact",
+ "contenteditable",
 "coords",
 "datetime",
 "dir",
diff --git a/test/html5/test_sanitizer.rb b/test/html5/test_sanitizer.rb
index b139bcff..c581eec9 100755
--- a/test/html5/test_sanitizer.rb
+++ b/test/html5/test_sanitizer.rb
@@ -110,6 +110,13 @@ def test_should_allow_multi_word_data_attributes
 check_sanitization(input, htmloutput, output, output)
 end
+ def test_should_allow_contenteditable
+ input = '

Hi!

'
+ output = '

Hi!

'
+
+ check_sanitization(input, output, output, output)
+ end
+
 ##
 ## libxml2 downcases attributes, so this is moot.
 ##
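Review bot: test_should_allow_contenteditable checks a single input that is expected to come through unchanged, so it does not pin what happens to other values of the attribute; the markup inside its string literals is missing from this rendering, so the value it uses cannot be confirmed here. The entry added in lib/loofah/html5/whitelist.rb sits in what looks like a list of attribute names, which suggests the value is not constrained, and sanitized untrusted markup could then mark regions of the host page as editable. I would add one case per value the project intends to accept (`"true"`, `"false"`, empty) and a short comment next to `"contenteditable",` such as `# value is passed through as-is; callers rendering untrusted HTML may want to strip it`. If only the disabling value is meant to be allowed, that needs a value check rather than a name-only entry.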