e : propertyMap.entrySet()) {
+ for (Map.Entry extends String, ? extends Property> e : properties.entrySet()) {
Property property = e.getValue();
for (String fnKey : property.fnKeys.values()) {
- if (!propertyMap.containsKey(fnKey)) {
+ if (!properties.containsKey(fnKey)) {
throw new IllegalArgumentException(
"Property map is not self contained. " + e.getValue()
+ " depends on undefined function key " + fnKey);
}
}
+ propertyMap.put(e.getKey(), e.getValue());
}
return new CssSchema(Map.copyOf(propertyMap));
}
diff --git a/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java b/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java
index 746a1017..e7e6616f 100644
--- a/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java
+++ b/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java
@@ -29,8 +29,10 @@
package org.owasp.html;
import java.util.Arrays;
+import java.util.Collections;
import java.util.List;
import java.util.Locale;
+import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
@@ -250,7 +252,31 @@ public void testSpecificStyleFilterung() {
}
@Test
- public void testUnionStyleFilterung() {
+ public void testCustomPropertyStyleFiltering() {
+ assertEquals(
+ Arrays.stream(new String[] {
+ "Header
",
+ "Paragraph 1
",
+ "Click me out
",
+ "",
+ "Fancy with soupy tags.",
+ "
Stylish Para 1
",
+ "Stylish Para 2
",
+ ""}).collect(Collectors.joining("\n")),
+ apply(new HtmlPolicyBuilder()
+ .allowCommonInlineFormattingElements()
+ .allowCommonBlockElements()
+ .allowStyling(
+ CssSchema.withProperties(
+ Map.of("text-align",
+ new CssSchema.Property(0,
+ Set.of("center"),
+ Collections.emptyMap()))))
+ .allowStandardUrlProtocols()));
+ }
+
+ @Test
+ public void testUnionStyleFiltering() {
assertEquals(
Arrays.stream(new String[] {
"Header
",
@@ -271,6 +297,30 @@ public void testUnionStyleFilterung() {
.allowStandardUrlProtocols()));
}
+ @Test
+ public void testCustomPropertyStyleFilteringDisallowed() {
+ assertEquals(
+ Arrays.stream(new String[] {
+ "Header
",
+ "Paragraph 1
",
+ "Click me out
",
+ "",
+ "Fancy with soupy tags.",
+ "
Stylish Para 1
",
+ "Stylish Para 2
",
+ ""}).collect(Collectors.joining("\n")),
+ apply(new HtmlPolicyBuilder()
+ .allowCommonInlineFormattingElements()
+ .allowCommonBlockElements()
+ .allowStyling(
+ CssSchema.withProperties(
+ Map.of("text-align",
+ new CssSchema.Property(0,
+ Set.of("left", "right"),
+ Collections.emptyMap()))))
+ .allowStandardUrlProtocols()));
+ }
+
@Test
public static final void testElementTransforming() {
assertEquals(