From 6c70219a094b687aace23f379dbdbb6855d0d531 Mon Sep 17 00:00:00 2001
From: James Adam
Date: Thu, 24 Oct 2024 16:48:36 +0100
Subject: [PATCH] Allow CSS properties: min-height, max-height
---
 lib/loofah/html5/safelist.rb | 2 ++
 test/html5/test_sanitizer.rb | 14 ++++++++++++++
 2 files changed, 16 insertions(+)
diff --git a/lib/loofah/html5/safelist.rb b/lib/loofah/html5/safelist.rb
index 882107c..142c758 100644
--- a/lib/loofah/html5/safelist.rb
+++ b/lib/loofah/html5/safelist.rb
@@ -662,7 +662,9 @@ module SafeList
 "line-height",
 "list-style",
 "list-style-type",
+ "max-height",
 "max-width",
+ "min-height",
 "min-width",
 "order",
 "overflow",
diff --git a/test/html5/test_sanitizer.rb b/test/html5/test_sanitizer.rb
index 9f85152..6d017f9 100755
--- a/test/html5/test_sanitizer.rb
+++ b/test/html5/test_sanitizer.rb
@@ -493,6 +493,13 @@ def test_css_function_sanitization_strips_style_attributes_with_unsafe_functions
 assert_match(%r/<\/span>/, sane.inner_html)
 end
+ def test_css_max_height
+ html = '
'
+ sane = Nokogiri::HTML(Loofah.scrub_html4_fragment(html, :escape).to_xml)
+
+ assert_match(/max-height/, sane.inner_html)
+ end
+
 def test_css_max_width
 html = '
'
 sane = Nokogiri::HTML(Loofah.scrub_html4_fragment(html, :escape).to_xml)
@@ -500,6 +507,13 @@ def test_css_max_width
 assert_match(/max-width/, sane.inner_html)
 end
+ def test_css_min_height
+ html = '
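Review bot: Both new tests, test_css_max_height in this hunk and test_css_min_height in the next one, assert only that the property name survives (`assert_match(/max-height/, sane.inner_html)`), so they would still pass if the sanitizer altered the value or let an unsafe value through under the newly allowed property. The fixture strings are not visible on this page, so the value under test is unknown; matching the whole declaration, for example `assert_match(/max-height:\s*100px/, sane.inner_html)` (100px is a constructed sample, adapt it to the fixture), would pin the behaviour. Since the commit widens a sanitizer allowlist, a companion negative test per property would also help, asserting that a declaration using a disallowed CSS function is still removed, in the manner of the existing unsafe-function test named in this hunk's header.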
'
+ sane = Nokogiri::HTML(Loofah.scrub_html4_fragment(html, :escape).to_xml)
+
+ assert_match(/min-height/, sane.inner_html)
+ end
+
 def test_css_min_width
 html = '
'
 sane = Nokogiri::HTML(Loofah.scrub_html4_fragment(html, :escape).to_xml)