Skip to content

Commit 58fac00

Browse files
cswarecsware
authored
Unbreak CssSchema.withProperties(Map) (OWASP#313)
This method never worked before. Signed-off-by: Sven Strickroth <email@cs-ware.de>
1 parent 65d48ea commit 58fac00

File tree

2 files changed

+54
-3
lines changed

2 files changed

+54
-3
lines changed

src/main/java/org/owasp/html/CssSchema.java

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -164,15 +164,16 @@ public static CssSchema withProperties(
164164
Map<String, Property> propertyMap =
165165
new HashMap<>();
166166
// check that all fnKeys are defined in properties.
167-
for (Map.Entry<String, Property> e : propertyMap.entrySet()) {
167+
for (Map.Entry<? extends String, ? extends Property> e : properties.entrySet()) {
168168
Property property = e.getValue();
169169
for (String fnKey : property.fnKeys.values()) {
170-
if (!propertyMap.containsKey(fnKey)) {
170+
if (!properties.containsKey(fnKey)) {
171171
throw new IllegalArgumentException(
172172
"Property map is not self contained. " + e.getValue()
173173
+ " depends on undefined function key " + fnKey);
174174
}
175175
}
176+
propertyMap.put(e.getKey(), e.getValue());
176177
}
177178
return new CssSchema(Map.copyOf(propertyMap));
178179
}

src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java

Lines changed: 51 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,8 +29,10 @@
2929
package org.owasp.html;
3030

3131
import java.util.Arrays;
32+
import java.util.Collections;
3233
import java.util.List;
3334
import java.util.Locale;
35+
import java.util.Map;
3436
import java.util.Set;
3537
import java.util.regex.Pattern;
3638
import java.util.stream.Collectors;
@@ -250,7 +252,31 @@ public void testSpecificStyleFilterung() {
250252
}
251253

252254
@Test
253-
public void testUnionStyleFilterung() {
255+
public void testCustomPropertyStyleFiltering() {
256+
assertEquals(
257+
Arrays.stream(new String[] {
258+
"<h1>Header</h1>",
259+
"<p>Paragraph 1</p>",
260+
"<p>Click me out</p>",
261+
"<p></p>",
262+
"<p><b>Fancy</b> with <i><b>soupy</b></i><b> tags</b>.",
263+
"</p><p style=\"text-align:center\">Stylish Para 1</p>",
264+
"<p>Stylish Para 2</p>",
265+
""}).collect(Collectors.joining("\n")),
266+
apply(new HtmlPolicyBuilder()
267+
.allowCommonInlineFormattingElements()
268+
.allowCommonBlockElements()
269+
.allowStyling(
270+
CssSchema.withProperties(
271+
Map.of("text-align",
272+
new CssSchema.Property(0,
273+
Set.of("center"),
274+
Collections.emptyMap()))))
275+
.allowStandardUrlProtocols()));
276+
}
277+
278+
@Test
279+
public void testUnionStyleFiltering() {
254280
assertEquals(
255281
Arrays.stream(new String[] {
256282
"<h1>Header</h1>",
@@ -271,6 +297,30 @@ public void testUnionStyleFilterung() {
271297
.allowStandardUrlProtocols()));
272298
}
273299

300+
@Test
301+
public void testCustomPropertyStyleFilteringDisallowed() {
302+
assertEquals(
303+
Arrays.stream(new String[] {
304+
"<h1>Header</h1>",
305+
"<p>Paragraph 1</p>",
306+
"<p>Click me out</p>",
307+
"<p></p>",
308+
"<p><b>Fancy</b> with <i><b>soupy</b></i><b> tags</b>.",
309+
"</p><p>Stylish Para 1</p>",
310+
"<p>Stylish Para 2</p>",
311+
""}).collect(Collectors.joining("\n")),
312+
apply(new HtmlPolicyBuilder()
313+
.allowCommonInlineFormattingElements()
314+
.allowCommonBlockElements()
315+
.allowStyling(
316+
CssSchema.withProperties(
317+
Map.of("text-align",
318+
new CssSchema.Property(0,
319+
Set.of("left", "right"),
320+
Collections.emptyMap()))))
321+
.allowStandardUrlProtocols()));
322+
}
323+
274324
@Test
275325
public static final void testElementTransforming() {
276326
assertEquals(

0 commit comments

Comments
 (0)