JacksonBruce/HtmlSanitizer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix #155

Browse Source
This commit is contained in:
Michael Ganss
2019-01-17 12:52:36 +01:00
parent f4eeace29f
commit cabae353e8
2 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/HtmlSanitizer/HtmlSanitizer.cs
View File

@@ -538,6 +538,7 @@ namespace Ganss.XSS
} }
// sanitize the style attribute // sanitize the style attribute
var oldStyleEmpty = string.IsNullOrEmpty(tag.GetAttribute("style"));
SanitizeStyle(tag, baseUrl); SanitizeStyle(tag, baseUrl);
var checkClasses = AllowedCssClasses != null; var checkClasses = AllowedCssClasses != null;
@@ -564,9 +565,9 @@ namespace Ganss.XSS
if (!tag.ClassList.Any()) if (!tag.ClassList.Any())
RemoveAttribute(tag, attribute, RemoveReason.ClassAttributeEmpty); RemoveAttribute(tag, attribute, RemoveReason.ClassAttributeEmpty);
} }
else if (string.IsNullOrEmpty(attribute.Value)) else if (!oldStyleEmpty && attribute.Name == "style" && string.IsNullOrEmpty(attribute.Value))
{ {
tag.RemoveAttribute(attribute.Name); RemoveAttribute(tag, attribute, RemoveReason.StyleAttributeEmpty);
} }
} }
} }

6
src/HtmlSanitizer/RemoveReason.cs
View File

@@ -32,6 +32,10 @@
/// <summary> /// <summary>
/// The class attribute is empty /// The class attribute is empty
/// </summary> /// </summary>
ClassAttributeEmpty ClassAttributeEmpty,
/// <summary>
/// The style attribute is empty
/// </summary>
StyleAttributeEmpty,
} }
} }