From 0ea456be3e0cf6f00a1adf0f99fa62585e51f4e3 Mon Sep 17 00:00:00 2001
From: Sven Strickroth <email@cs-ware.de>
Date: Mon, 29 Jan 2024 22:06:51 +0100
Subject: [PATCH] Add overflow-wrap to CssSchema definition list

Signed-off-by: Sven Strickroth <email@cs-ware.de>
---
 src/main/java/org/owasp/html/CssSchema.java   |  3 ++
 .../org/owasp/html/HtmlPolicyBuilderTest.java | 32 +++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/src/main/java/org/owasp/html/CssSchema.java b/src/main/java/org/owasp/html/CssSchema.java
index b9c6ae64..8f48b342 100644
--- a/src/main/java/org/owasp/html/CssSchema.java
+++ b/src/main/java/org/owasp/html/CssSchema.java
@@ -423,6 +423,8 @@ Property forKey(String propertyName) {
         "auto", "inherit", "none");
     Set<String> overflowLiterals0 = Set.of(
         "auto", "hidden", "inherit", "scroll", "visible");
+    Set<String> overflowWrapLiterals0 = Set.of(
+        "normal", "break-word", "anywhere", "inherit");
     Set<String> overflowXLiterals0 = Set.of(
         "no-content", "no-display");
     Set<String> overflowXLiterals1 = Set.of(
@@ -667,6 +669,7 @@ Property forKey(String propertyName) {
     Property opacity = new Property(1, mozOpacityLiterals0, zeroFns);
     builder.put("opacity", opacity);
     builder.put("overflow", new Property(0, overflowLiterals0, zeroFns));
+    builder.put("overflow-wrap", new Property(0, overflowWrapLiterals0, zeroFns));
     @SuppressWarnings("unchecked")
     Property overflowX = new Property(
         0, union(overflowXLiterals0, overflowXLiterals1), zeroFns);
diff --git a/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java b/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java
index f19b28d6..e04908ef 100644
--- a/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java
+++ b/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java
@@ -847,6 +847,38 @@ public static final void testEmptyDefaultLinkRelsSet() {
         pf.sanitize("<a href=\"http://example.com\" target=\"_blank\">eg</a>"));
   }
 
+  @Test
+  public static final void testOverflowWrap() {
+    PolicyFactory pf = new HtmlPolicyBuilder()
+        .allowElements("span")
+        .allowStyling(CssSchema.union(CssSchema.DEFAULT, CssSchema.withProperties(List.of("overflow-wrap"))))
+        .toFactory();
+
+    assertEquals(
+        "<span style=\"overflow-wrap:anywhere\">Something</span>",
+        pf.sanitize("<span style=\"overflow-wrap: anywhere\">Something</span>"));
+
+    assertEquals(
+        "<span style=\"overflow-wrap:inherit\">Something</span>",
+        pf.sanitize("<span style=\"overflow-wrap: inherit\">Something</span>"));
+
+    assertEquals(
+        "Something",
+        pf.sanitize("<span style=\"overflow-wrap: something\">Something</span>"));
+  }
+
+  @Test
+  public static final void testOverflowWrapNotAllowed() {
+    PolicyFactory pf = new HtmlPolicyBuilder()
+        .allowElements("span")
+        .allowStyling()
+        .toFactory();
+
+    assertEquals(
+        "Something",
+        pf.sanitize("<span style=\"overflow-wrap: anywhere\">Something</span>"));
+  }
+
   @Test
   public static final void testExplicitRelsSkip() {
     PolicyFactory pf = new HtmlPolicyBuilder()