From 2699b61a50e67adacabd1fc0990e8bfa69f63d1a Mon Sep 17 00:00:00 2001
From: Bill Chaney
Date: Fri, 22 Nov 2019 15:06:07 -0800
Subject: [PATCH] Allow CSS property: max-width
---
 lib/loofah/html5/safelist.rb | 1 +
 test/html5/test_sanitizer.rb | 7 +++++++
 2 files changed, 8 insertions(+)
diff --git a/lib/loofah/html5/safelist.rb b/lib/loofah/html5/safelist.rb
index 4b2b6dd4..f9f423c7 100644
--- a/lib/loofah/html5/safelist.rb
+++ b/lib/loofah/html5/safelist.rb
@@ -573,6 +573,7 @@ module SafeList
 "line-height",
 "list-style",
 "list-style-type",
+ "max-width",
 "overflow",
 "pause",
 "pause-after",
diff --git a/test/html5/test_sanitizer.rb b/test/html5/test_sanitizer.rb
index 72068afd..7276bcd2 100755
--- a/test/html5/test_sanitizer.rb
+++ b/test/html5/test_sanitizer.rb
@@ -326,6 +326,13 @@ def test_css_function_sanitization_strips_style_attributes_with_unsafe_functions
 assert_match %r/<\/span>/, sane.inner_html
 end
+ def test_css_max_width
+ html = '
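Review bot: The new `"max-width",` entry widens the set of CSS properties that survive sanitization, but neither the hunk nor the commit message records why the property is safe to pass through from untrusted markup. A later auditor of an allowlist needs that rationale, so I would add it to the commit description or a changelog line, for example `Allow max-width: sizing-only property; values remain subject to the existing CSS value checks`. That wording should first be confirmed against the value-scrubbing code, which is not in this hunk. The array continues outside the hunk, so I cannot tell whether sibling sizing properties are already listed.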
'
+ sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml)
+ assert_match %r/max-width/, sane.inner_html
+ end
+
+
 def test_issue_90_slow_regex
 skip("timing tests are hard to make pass and have little regression-testing value")
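Review bot: `test_css_max_width` covers only the positive case: it asserts that the string `max-width` appears in the output, and nothing checks that a disallowed value under the newly permitted property is still removed. For a sanitizer allowlist change the negative case is the one that guards against regressions, so I would add a companion test alongside it, in the style of the unsafe-function test named in the hunk header. The input markup on the `html =` line is not legible in this view, so the sample value in the sketch below is constructed, and the exact assertion should be matched to how the scrubber reports a dropped declaration. `test_issue_90_slow_regex` continues outside the hunk.

```ruby
# … unchanged: test_css_max_width …

def test_css_max_width_drops_disallowed_function_value
  # constructed sample value: a function name not expected on the CSS function safelist
  html = '<div style="max-width: not_an_allowed_function(1);"></div>'
  sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml)
  refute_match %r/not_an_allowed_function/, sane.inner_html
end
```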