Add overflow-wrap to CssSchema definition list (#312)

Signed-off-by: Sven Strickroth <[email protected]>
Co-authored-by: Mike Samuel <[email protected]>

Author: csware

src/main/java/org/owasp/html/CssSchema.java

@@ -424,6 +424,8 @@ Property forKey(String propertyName) {
         "auto", "inherit", "none");
     Set<String> overflowLiterals0 = Set.of(
         "auto", "hidden", "inherit", "scroll", "visible");
+    Set<String> overflowWrapLiterals0 = Set.of(
+        "normal", "break-word", "anywhere", "inherit");
     Set<String> overflowXLiterals0 = Set.of(
         "no-content", "no-display");
     Set<String> overflowXLiterals1 = Set.of(
@@ -668,6 +670,7 @@ Property forKey(String propertyName) {
     Property opacity = new Property(1, mozOpacityLiterals0, zeroFns);
     builder.put("opacity", opacity);
     builder.put("overflow", new Property(0, overflowLiterals0, zeroFns));
+    builder.put("overflow-wrap", new Property(0, overflowWrapLiterals0, zeroFns));
     @SuppressWarnings("unchecked")
     Property overflowX = new Property(
         0, union(overflowXLiterals0, overflowXLiterals1), zeroFns);

src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java

@@ -1029,6 +1029,38 @@ public static final void testSkipAndRequireRels() {
             pf.sanitize("<a href=\"http://example.com\" rel=noopener target=\"_blank\">eg</a>"));
   }
 
+  @Test
+  public static final void testOverflowWrap() {
+    PolicyFactory pf = new HtmlPolicyBuilder()
+        .allowElements("span")
+        .allowStyling(CssSchema.union(CssSchema.DEFAULT, CssSchema.withProperties(List.of("overflow-wrap"))))
+        .toFactory();
+
+    assertEquals(
+        "<span style=\"overflow-wrap:anywhere\">Something</span>",
+        pf.sanitize("<span style=\"overflow-wrap: anywhere\">Something</span>"));
+
+    assertEquals(
+        "<span style=\"overflow-wrap:inherit\">Something</span>",
+        pf.sanitize("<span style=\"overflow-wrap: inherit\">Something</span>"));
+
+    assertEquals(
+        "Something",
+        pf.sanitize("<span style=\"overflow-wrap: something\">Something</span>"));
+  }
+
+  @Test
+  public static final void testOverflowWrapNotAllowed() {
+    PolicyFactory pf = new HtmlPolicyBuilder()
+        .allowElements("span")
+        .allowStyling()
+        .toFactory();
+
+    assertEquals(
+        "Something",
+        pf.sanitize("<span style=\"overflow-wrap: anywhere\">Something</span>"));
+  }
+
   @Test
   public static final void testExplicitRelsSkip() {
     PolicyFactory pf = new HtmlPolicyBuilder()