From 9a706f064d2dcd9fcbb33635a5706a7a6e6ed13c Mon Sep 17 00:00:00 2001
From: Gerad Suyderhoud
Date: Thu, 10 Aug 2017 11:59:03 -0700
Subject: [PATCH] Sanitize css properties of style attributes (#1)

https://github.com/microcosm-cc/bluemonday/issues/43
---
 policy.go | 18 +++++++++++++
 sanitize.go | 23 +++++++++++++++++
 sanitize_test.go | 66 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 107 insertions(+)

diff --git a/policy.go b/policy.go
index 2b0965b..3909ef2 100644
--- a/policy.go
+++ b/policy.go
@@ -94,6 +94,9 @@ type Policy struct {
 setOfElementsAllowedWithoutAttrs map[string]struct{}
 setOfElementsToSkipContent map[string]struct{}
+
+ // allowed style property names
+ allowedStyleProperties map[string]struct{}
 }
 type attrPolicy struct {
@@ -121,6 +124,7 @@ func (p *Policy) init() {
 p.allowURLSchemes = make(map[string]urlPolicy)
 p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{})
 p.setOfElementsToSkipContent = make(map[string]struct{})
+ p.allowedStyleProperties = make(map[string]struct{})
 p.initialized = true
 }
 }
@@ -431,6 +435,20 @@ func (p *Policy) AllowElementsContent(names ...string) *Policy {
 return p
 }
+// AllowStyleProperties allows the given style properties in the style
+// attribute (note: does not style in inline
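Review bot: The comment on the new `allowedStyleProperties` field (hunk `@@ -94,6 +94,9 @@` in policy.go) does not say how the keys are normalised or what the map actually constrains. CSS property names are ASCII case-insensitive, so the allowlist only behaves predictably if both the setter and the lookup lowercase the name; neither is visible in this hunk, so that should be confirmed in `AllowStyleProperties` and in the sanitize.go lookup. The comment should also state that this is a name-only allowlist, because a permitted property can still carry a value such as `url(...)` unless values are checked elsewhere. Suggested wording: `// allowedStyleProperties is the set of CSS property names (lowercased) permitted in style attributes; property values are not validated by this map.`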