lib/loofah/html5/scrub.rb in loofah-2.0.0 vs lib/loofah/html5/scrub.rb in loofah-2.0.1
- old
+ new
@@ -46,16 +46,20 @@
if WhiteList::SVG_ALLOW_LOCAL_HREF.include?(node.name) && attr_name == 'xlink:href' && attr_node.value =~ /^\s*[^#\s].*/m
attr_node.remove
next
end
end
- if node.attributes['style']
- node['style'] = scrub_css node.attributes['style']
- end
+ scrub_css_attribute node
+
node.attribute_nodes.each do |attr_node|
node.remove_attribute(attr_node.name) if attr_node.value !~ /[^[:space:]]/
end
+ end
+
+ def scrub_css_attribute node
+ style = node.attributes['style']
+ style.value = scrub_css(style.value) if style
end
# lifted nearly verbatim from html5lib
def scrub_css style
# disallow urls
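Review bot: The new `scrub_css_attribute` helper has no comment, and its call site depends on an ordering that is not written down anywhere. It runs just before the `attribute_nodes` sweep, so a `style` value that `scrub_css` reduces to an empty or whitespace-only string (presumably possible, given the "disallow urls" step) is then removed rather than left as `style=""`. I would add above the method: `# Sanitizes the style attribute in place. Must run before the blank-attribute sweep so an emptied style is dropped.` Separately, `node.attributes['style']` uses Nokogiri's `attributes` hash, which is keyed by the attribute name without its namespace, while the sweep walks `attribute_nodes`. If namespaced attributes can survive the allow-list check (which sits outside this hunk), it is worth confirming that every style-named attribute is actually passed through `scrub_css`. The enclosing method starts above the hunk and the body of `scrub_css` continues below it, so neither could be checked here.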