lib/action_controller/vendor/html-scanner/html/sanitizer.rb in actionpack-2.0.2 vs lib/action_controller/vendor/html-scanner/html/sanitizer.rb in actionpack-2.0.4

- old
+ new

@@ -105,11 +105,11 @@
 # disallow urls
 style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
 # gauntlet
 if style !~ /^([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*$/ ||
- style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$))*$/
+ style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*$/
 return ''
 end
 clean = []
 style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop,val|
@@ -168,6 +168,6 @@
 def contains_bad_protocols?(attr_name, value)
 uri_attributes.include?(attr_name) &&
 (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(%|%)3A/ && !allowed_protocols.include?(value.split(protocol_separator).first))
 end
 end
-end
\ No newline at end of file
+end
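Review bot: Both gauntlet patterns in the first hunk, including the rewritten second one, anchor with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string. A `style` value that contains a newline therefore passes the gauntlet once some line of it satisfies each pattern, whatever the other lines hold. Anchoring on the whole value closes that gap: `style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|\z)\s*)*\z/`, with `\A` and `\z` applied the same way to the first pattern. The per-property filtering that begins at `style.scan` continues outside the hunk, so how much of this it already catches cannot be judged from the lines shown.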