Merge branch 'main' into subbudvk-patch-3

OWASP · Jan 9, 2024 · 503db07 · 503db07
2 parents 14adc74 + 5b420f9
commit 503db07
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 32 deletions.
diff --git a/src/main/java/org/owasp/html/CssSchema.java b/src/main/java/org/owasp/html/CssSchema.java
@@ -383,7 +383,7 @@ Property forKey(String propertyName) {
         "bolder", "lighter");
     ImmutableSet<String> fontLiterals1 = ImmutableSet.of(
         "large", "larger", "small", "smaller", "x-large", "x-small",
-        "xx-large", "xx-small");
+        "xx-large", "xx-small", "xxx-large", "medium");
     ImmutableSet<String> fontLiterals2 = ImmutableSet.of(
         "caption", "icon", "menu", "message-box", "small-caption",
         "status-bar");

diff --git a/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java b/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java
@@ -994,42 +994,54 @@ public static final void testTextareaIsNotTextArea() {
     assertEquals("x<textArea>y</textArea>", textAreaPolicy.sanitize(input));
   }
 
- @Test
-  public static final void testCSSChildCombinator() {
+  @Test
+  public static final void testCSSFontSize() {
 	 HtmlPolicyBuilder builder = new HtmlPolicyBuilder();
-
- 	 PolicyFactory factory = builder.allowElements("span","style","h1").allowTextIn("style","h1")
- 	 .allowAttributes("type").onElements("style").allowStyling()
+ 	 PolicyFactory factory = builder.allowElements("span")
+ 	 .allowAttributes("style").onElements("span").allowStyling()
  	.toFactory();
+ 	 String toSanitizeXXXLarge = "the <span style=\"font-size:xxx-large\">large</span> formatting issue with chrome";
+ 	 assertEquals(toSanitizeXXXLarge, factory.sanitize(toSanitizeXXXLarge)); 
+
+ 	 String toSanitizeMedium = "the <span style=\"font-size:medium\">medium</span> formatting issue with chrome";
+ 	 assertEquals(toSanitizeMedium, factory.sanitize(toSanitizeMedium)); 
+  }
+
+  @Test
+  public static final void testCSSChildCombinator() {
+	  HtmlPolicyBuilder builder = new HtmlPolicyBuilder();
+
+ 	  PolicyFactory factory = builder.allowElements("span","style","h1").allowTextIn("style","h1")
+ 	    .allowAttributes("type").onElements("style").allowStyling()
+ 	    .toFactory();
 
 
- 	 String toSanitize = "<style type=\"text/css\">\n"
- 	 		+ "<!--\n"
- 	 		+ ".hdg-1 {\n"
- 	 		+ "width:100%;\n"
- 	 		+ "}\n"
- 	 		+ "\n"
- 	 		+ ".hdg-1>._inner {\n"
- 	 		+ "background-color: #999;\n"
- 	 		+ "}\n"
- 	 		+ "-->\n"
- 	 		+ "</style>\n"
- 	 		+ "<h1>Test</h1>\n"
- 	 		+ "\n"
- 	 		+ "<style>\n"
- 	 		+ "<!--\n"
- 	 		+ ".hdg-1 {\n"
- 	 		+ "width:100%;\n"
- 	 		+ "}\n"
- 	 		+ "\n"
- 	 		+ ".hdg-1>._inner {\n"
- 	 		+ "background-color: #666;\n"
- 	 		+ "}\n"
- 	 		+ "-->\n"
- 	 		+ "</style>";
- 	 assertEquals(toSanitize, factory.sanitize(toSanitize));
+ 	  String toSanitize = "<style type=\"text/css\">\n"
+ 	 	  + "<!--\n"
+ 	 	  + ".hdg-1 {\n"
+ 	 	  + "width:100%;\n"
+ 	 	  + "}\n"
+ 	 	  + "\n"
+ 	 	  + ".hdg-1>._inner {\n"
+ 	 	  + "background-color: #999;\n"
+ 	 	  + "}\n"
+ 	 	  + "-->\n"
+ 	 	  + "</style>\n"
+ 	 	  + "<h1>Test</h1>\n"
+ 	 	  + "\n"
+ 	 	  + "<style>\n"
+ 	 	  + "<!--\n"
+ 	 	  + ".hdg-1 {\n"
+ 	 	  + "width:100%;\n"
+ 	 	  + "}\n"
+ 	 	  + "\n"
+ 	 	  + ".hdg-1>._inner {\n"
+ 	 	  + "background-color: #666;\n"
+ 	 	  + "}\n"
+ 	 	  + "-->\n"
+ 	 	  + "</style>";
+ 	  assertEquals(toSanitize, factory.sanitize(toSanitize));
   }
-
 
   private static String apply(HtmlPolicyBuilder b) {
     return apply(b, EXAMPLE);