diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
index 0a56046a4b..f506591650 100644
--- a/CHANGELOG.adoc
+++ b/CHANGELOG.adoc
@@ -13,6 +13,12 @@ endif::[]
This document provides a high-level view of the changes introduced in Asciidoctor by release.
For a detailed view of what has changed, refer to the {uri-repo}/commits/master[commit history] on GitHub.
+== Unrelease (minor)
+
+Enhancements / Compliance::
+
+ * Download and embed remote custom stylesheet if allow-uri-read is set (#3765)
+
== Unreleased
Bug Fixes::
diff --git a/lib/asciidoctor/converter/html5.rb b/lib/asciidoctor/converter/html5.rb
index e1b4e8398d..b5b6188f7f 100644
--- a/lib/asciidoctor/converter/html5.rb
+++ b/lib/asciidoctor/converter/html5.rb
@@ -138,7 +138,7 @@ def convert_document node
result << %()
else
result << %()
end
end
diff --git a/test/api_test.rb b/test/api_test.rb
index f4b8fc26aa..d4402f3721 100644
--- a/test/api_test.rb
+++ b/test/api_test.rb
@@ -1153,6 +1153,23 @@ def for name
refute_empty styles.strip
end
+ test 'should embed remote stylesheet by default if SafeMode is less than SECURE and allow-uri-read is set' do
+ input = <<~'EOS'
+ = Document Title
+
+ text
+ EOS
+
+ output = using_test_webserver do
+ Asciidoctor.convert input, safe: Asciidoctor::SafeMode::SERVER, standalone: true, attributes: { 'allow-uri-read' => '', 'stylesheet' => %(http://#{resolve_localhost}:9876/fixtures/custom.css) }
+ end
+ stylenode = xmlnodes_at_css 'html:root > head > style', output, 1
+ styles = stylenode.content
+ refute_nil styles
+ refute_empty styles.strip
+ assert_include 'color: green', styles
+ end
+
test 'should not allow linkcss be unset from document if SafeMode is SECURE or greater' do
input = <<~'EOS'
= Document Title
@@ -1244,6 +1261,40 @@ def for name
refute_empty styles.strip
end
+ test 'should embed custom remote stylesheet if SafeMode is less than SECURE and allow-uri-read is set' do
+ input = <<~'EOS'
+ = Document Title
+
+ text
+ EOS
+
+ output = using_test_webserver do
+ Asciidoctor.convert input, safe: Asciidoctor::SafeMode::SERVER, standalone: true, attributes: { 'allow-uri-read' => '', 'stylesheet' => %(http://#{resolve_localhost}:9876/fixtures/custom.css) }
+ end
+ stylenode = xmlnodes_at_css 'html:root > head > style', output, 1
+ styles = stylenode.content
+ refute_nil styles
+ refute_empty styles.strip
+ assert_include 'color: green', styles
+ end
+
+ test 'should embed custom stylesheet in remote stylesdir if SafeMode is less than SECURE and allow-uri-read is set' do
+ input = <<~'EOS'
+ = Document Title
+
+ text
+ EOS
+
+ output = using_test_webserver do
+ Asciidoctor.convert input, safe: Asciidoctor::SafeMode::SERVER, standalone: true, attributes: { 'allow-uri-read' => '', 'stylesdir' => %(http://#{resolve_localhost}:9876/fixtures), 'stylesheet' => 'custom.css' }
+ end
+ stylenode = xmlnodes_at_css 'html:root > head > style', output, 1
+ styles = stylenode.content
+ refute_nil styles
+ refute_empty styles.strip
+ assert_include 'color: green', styles
+ end
+
test 'should convert source file and write result to adjacent file by default' do
sample_input_path = fixture_path('sample.adoc')
sample_output_path = fixture_path('sample.html')