lib/loofah/html5/scrub.rb in loofah-2.0.2 vs lib/loofah/html5/scrub.rb in loofah-2.0.3
- old
+ new
@@ -65,10 +65,10 @@
def scrub_css style
# disallow urls
style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
# gauntlet
- return '' unless style =~ /\A([-:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/
+ return '' unless style =~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/
return '' unless style =~ /\A\s*([-\w]+\s*:[^:;]*(;\s*|$))*\z/
clean = []
style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop, val|
next if val.empty?
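Review bot: The first gauntlet pattern on the new side has no comment saying why `-` is left out of the character class, so a later edit could put it back without noticing the consequences. With `-` in the class, a run such as `a-a-a` could be consumed either character by character or through the `\w-\w` alternative, and that overlap under `*` is a common source of heavy backtracking on input that ultimately fails to match; presumably that is what this change addresses. I would add above the pattern: `# '-' is accepted only between word characters (\w-\w); keep it out of the class so the alternatives do not overlap`. The trade-off deserves a note and a regression test too: a value with a leading hyphen, e.g. `margin: -5px`, now fails the gauntlet and the whole style comes back as `''`, which is fail-closed but drops every other declaration with it. scrub_css continues past the end of the hunk.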