From 13f734ff46642c6d0b1cf784eb138f6ab66e05b7 Mon Sep 17 00:00:00 2001
From: Mike Dalessio
Date: Mon, 25 Nov 2019 05:21:27 -0800
Subject: [PATCH] css sanitizer allows "rem" sizes

fixes #176
---
 lib/loofah/html5/scrub.rb | 2 +-
 test/html5/test_sanitizer.rb | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/loofah/html5/scrub.rb b/lib/loofah/html5/scrub.rb
index 0dc51328..de4295e1 100644
--- a/lib/loofah/html5/scrub.rb
+++ b/lib/loofah/html5/scrub.rb
@@ -6,7 +6,7 @@ module HTML5 # :nodoc:
 module Scrub
 CONTROL_CHARACTERS = /[`\u0000-\u0020\u007f\u0080-\u0101]/
- CSS_KEYWORDISH = /\A(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|-?\d{0,3}\.?\d{0,10}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
+ CSS_KEYWORDISH = /\A(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|-?\d{0,3}\.?\d{0,10}(cm|r?em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
 CRASS_SEMICOLON = {:node => :semicolon, :raw => ";"}
 class << self
diff --git a/test/html5/test_sanitizer.rb b/test/html5/test_sanitizer.rb
index 72068afd..1fe12d91 100755
--- a/test/html5/test_sanitizer.rb
+++ b/test/html5/test_sanitizer.rb
@@ -294,6 +294,12 @@ def test_css_high_precision_value_shorthand_css_properties
 assert_match %r/0.3333333334em/, sane.inner_html
 end
+ def test_css_rem_value
+ html = ""
+ sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml)
+ assert_match %r/10rem/, sane.inner_html
+ end
+
 def test_css_function_sanitization_leaves_safelisted_functions_calc
 html = ""
 sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :strip).to_html)
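Review bot: The new `CSS_KEYWORDISH` line in scrub.rb still carries no comment saying what this safelist admits, and since it is the gate that lets a CSS value through unexamined, a reader has to reverse-engineer the three alternations to judge whether adding a unit is safe; a header comment would fix that, e.g. `# Values that pass the CSS scrubber untouched: hex colours, rgb() triples, and bare numbers carrying a length/percentage unit (rem is root-relative and as inert as em).`. Adding `r?em` itself looks sound, because the pattern stays anchored with `\A…\z` and the alternative only ever matches the literal `rem`, so nothing beyond a length unit is admitted. Two pre-existing quirks survive on the new line and are worth a follow-up rather than part of this fix: the `\d{0,3}` cap means a value such as `1000rem` is still rejected even though `rem` is now listed, and the bare `,` and `\)` alternatives let a lone comma or closing paren through, which appears to be inherited from the html5lib sanitizer rather than intended. The enclosing `module Scrub` continues past the end of the hunk.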
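Review bot: `test_css_rem_value` only asserts the positive case, so it would also pass if the regex change had widened the safelist beyond `rem`; a companion negative fixture that pins the unit exactly, e.g. `refute_match %r/10xem/, sane.inner_html` on a `font-size: 10xem` input, would catch a regression in the `r?em` alternative. The fixture assigned to `html` shows as an empty string in this rendering, which looks like the markup was lost on the way here rather than an empty test input; if the committed file really has `html = ""` the assertion cannot see `10rem` at all, so please confirm the `<span style="font-size: 10rem">` fixture is present. As a style point, the new test uses `:escape` with `.to_xml` while the neighbouring `test_css_function_sanitization_leaves_safelisted_functions_calc` uses `:strip` with `.to_html`; unless the difference is deliberate it would read better if the new test followed the same scrubber and serializer as its siblings. The hunk's leading context belongs to `test_css_high_precision_value_shorthand_css_properties`, whose body starts before the hunk.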