From 1a82f4d431d1f81ce314db5de4bca0d980ccad8d Mon Sep 17 00:00:00 2001
From: Jared Beck
Date: Wed, 2 Jan 2019 18:21:50 -0500
Subject: [PATCH] Allow CSS property `list-style`
---
 CHANGELOG.md | 1 +
 lib/loofah/html5/whitelist.rb | 1 +
 test/html5/test_sanitizer.rb | 6 ++++++
 3 files changed, 8 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 68435ce3..ff89924e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ Features:
 * Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
 * Expand set of allowed CSS functions. [related to #122]
 * Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
+* Allow CSS property `list-style`
 ## 2.2.3 / 2018-10-30
diff --git a/lib/loofah/html5/whitelist.rb b/lib/loofah/html5/whitelist.rb
index 385cbf70..467c1d6d 100644
--- a/lib/loofah/html5/whitelist.rb
+++ b/lib/loofah/html5/whitelist.rb
@@ -574,6 +574,7 @@ module WhiteList
 "height",
 "letter-spacing",
 "line-height",
+ "list-style",
 "list-style-type",
 "overflow",
 "pause",
diff --git a/test/html5/test_sanitizer.rb b/test/html5/test_sanitizer.rb
index 49c3974c..b139bcff 100755
--- a/test/html5/test_sanitizer.rb
+++ b/test/html5/test_sanitizer.rb
@@ -263,6 +263,12 @@ def test_figure_element_is_valid
 end
 end
+ def test_css_list_style
+ html = ''
+ sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml)
+ assert_match %r/list-style/, sane.inner_html
+ end
+
 def test_css_negative_value_sanitization
 html = ""
 sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml)
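Review bot: The new `"list-style"` entry admits a shorthand whose value can carry the `list-style-image` component, i.e. a `url(...)` reference, while `list-style-image` itself is not among the visible neighbouring entries of the list. This hunk only adds the property name and the value filtering lives outside it, so it is worth confirming that a `url()` token inside a `list-style` value is dropped by the scrubber; otherwise sanitized markup could still cause a remote fetch when rendered. I would add a comment above the entry such as `# shorthand: relies on value scrubbing to drop url(), since list-style-image is not allowed`, and a negative test for that case in test/html5/test_sanitizer.rb. The array and `module WhiteList` both start and end outside the hunk.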
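Review bot: `assert_match %r/list-style/, sane.inner_html` in `test_css_list_style` is too loose to pin the behaviour, because it passes for any output that contains that substring, including `list-style-type` or a declaration whose value was rewritten or emptied. Asserting the whole declaration would make the test fail if the value is stripped, e.g. `assert_match %r/list-style:\s*EXPECTED_VALUE/, sane.inner_html`, where EXPECTED_VALUE is a placeholder for the value used in the input. The `html` literal is shown empty on this page, so the input itself cannot be checked from here.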