Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Size "rem" is filtered in scrubber #176

Closed
alexkoy opened this issue Nov 25, 2019 · 1 comment · Fixed by #177
Closed

Size "rem" is filtered in scrubber #176

alexkoy opened this issue Nov 25, 2019 · 1 comment · Fixed by #177
Labels
scrubbers
Milestone
v2.4.0

Comments

@alexkoy
Copy link

alexkoy commented Nov 25, 2019

Because of the CSS_KEYWORDISH-Regex in lib/loofah/html5/scrub.rb, the Size "rem" is filtered in style-attributes like "margin-top:10rem".

The style-attribute will not be removed If the Regex will be extended like this:
/\A(#[0-9a-f]+|rgb(\d+%?,\d*%?,?\d*%?)?|-?\d{0,2}.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|))?)\z/
flavorjones added a commit that referenced this issue Nov 25, 2019
@flavorjones
css sanitizer allows "rem" sizes
13f734f 
fixes #176
@flavorjones flavorjones mentioned this issue Nov 25, 2019
Merged
@flavorjones
Copy link
Owner

Thanks for reporting this. I've created a fix for this that's at #177 and making its way through CI now.

@flavorjones flavorjones added this to the v2.4.0 milestone Nov 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
scrubbers
Projects
None yet
Milestone
v2.4.0
Development

Successfully merging a pull request may close this issue.

css sanitizer allows "rem" sizes flavorjones/loofah
2 participants
@flavorjones @alexkoy