
Commit 6b2ad07

committed
allow !important in CSS styles
1 parent 34425c1 commit 6b2ad07


2 files changed

+26
-1
lines changed

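--- a/src/main/java/org/owasp/html/StylingPolicy.java
+++ b/src/main/java/org/owasp/html/StylingPolicy.java
@@ -73,6 +73,7 @@ String sanitizeCssProperties(String style) {
 int propertyStart = 0;
 boolean hasTokens;
 boolean inQuotedIdents;
+String lastToken = null;
 
 private void emitToken(String token) {
 closeQuotedIdents();
@@ -109,6 +110,7 @@ public void url(String token) {
 sanitizeAndAppendUrl(urlContent);
 }
 }
+lastToken = token;
 }
 
 public void startProperty(String propertyName) {
@@ -134,6 +136,7 @@ public void startFunction(String uncanonToken) {
 if (cssProperty != CssSchema.DISALLOWED) {
 emitToken(token);
 }
+lastToken = token;
 }
 
 public void quotedString(String token) {
@@ -156,6 +159,7 @@ && isAlphanumericOrSpace(token, 1, token.length() - 1)) {
 sanitizeAndAppendUrl(CssGrammar.cssContent(token));
 }
 }
+lastToken = token;
 }
 
 public void quantity(String token) {
@@ -166,20 +170,24 @@ public void quantity(String token) {
 || cssProperty.literals.contains(token)) {
 emitToken(token);
 }
+lastToken = token;
 }
 
 public void punctuation(String token) {
 closeQuotedIdents();
 if (cssProperty.literals.contains(token)) {
 emitToken(token);
 }
+lastToken = token;
 }
 
 private static final int IDENT_TO_STRING =
 CssSchema.BIT_UNRESERVED_WORD | CssSchema.BIT_STRING;
 public void identifier(String uncanonToken) {
 String token = Strings.toLowerCase(uncanonToken);
-if (cssProperty.literals.contains(token)) {
+if ("!".equals(lastToken) && "important".equals(token)) {
+emitToken("!important");
+} else if (cssProperty.literals.contains(token)) {
 emitToken(token);
 } else if ((cssProperty.bits & IDENT_TO_STRING) == IDENT_TO_STRING) {
 if (!inQuotedIdents) {
@@ -192,13 +200,15 @@ public void identifier(String uncanonToken) {
 }
 sanitizedCss.append(Strings.toLowerCase(token));
 }
+lastToken = token;
 }
 
 public void hash(String token) {
 closeQuotedIdents();
 if ((cssProperty.bits & CssSchema.BIT_HASH_VALUE) != 0) {
 emitToken(Strings.toLowerCase(token));
 }
+lastToken = token;
 }
 
 public void endProperty() {
@@ -207,11 +217,13 @@ public void endProperty() {
 } else {
 closeQuotedIdents();
 }
+lastToken = null;
 }
 
 public void endFunction(String token) {
 if (cssProperty != CssSchema.DISALLOWED) { emitToken(")"); }
 cssProperty = cssProperties.remove(cssProperties.size() - 1);
+lastToken = ")";
 }
 });
 return sanitizedCss.length() == 0 ? null : sanitizedCss.toString();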
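Review bot: The new `!important` branch in `identifier` runs before any schema check, so it calls `emitToken` even when `cssProperty` is `CssSchema.DISALLOWED`; `startFunction` and `endFunction` in this same section guard their emits with `cssProperty != CssSchema.DISALLOWED`, and the older `identifier` branches only emit what `cssProperty.literals` or `cssProperty.bits` permit. If `emitToken` marks the current property as having tokens (its body is outside the hunk), a declaration the schema rejects could survive sanitization with `!important` as its only value, which is output the allow-list never approved. I would gate the branch, e.g. `if ("!".equals(lastToken) && "important".equals(token) && cssProperty != CssSchema.DISALLOWED) {`, and consider also requiring that a value token was already emitted for the property so a bare `color: !important` is dropped. A one-line comment on `lastToken` saying it records the last token seen, whether or not it was emitted, would make that intent explicit.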

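--- a/src/test/java/org/owasp/html/StylingPolicyTest.java
+++ b/src/test/java/org/owasp/html/StylingPolicyTest.java
@@ -317,6 +317,19 @@ public static final void testUrls() {
 "background-image: URL( \"foo.gif\" )");
 }
 
+@Test
+public static final void testImportant() {
+assertSanitizedCss(
+"color:blue !important",
+"color:blue !important");
+assertSanitizedCss(
+"color:red !important",
+"color:red ! IMPORTANT");
+assertSanitizedCss(
+"color:purple",
+"color:purple !foo(bar) important");
+}
+
 private static void assertSanitizedCss(
 @Nullable String expectedCss, String css) {
 StylingPolicy stylingPolicy = new StylingPolicy(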
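Review bot: `testImportant` only exercises `color` with a valid value in front of `!important`, so nothing pins what the sanitizer does when `!important` follows a property or function the schema rejects, or when it is the only token in a declaration. Because this is an allow-list sanitizer, I would add negative cases that assert `null` (the helper takes a `@Nullable` expected value), e.g. `assertSanitizedCss(null, "<disallowed-property>: x !important");` with a property the test schema does not permit, plus one for `"color: !important"`. The body of `assertSanitizedCss` continues outside the hunk, so which properties its schema allows is not visible here.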
