Update to AngleSharp 0.9.8.1 (fixes #80)

mganss · Sep 19, 2016 · 21590d7 · 21590d7
2 parents 553b8dd + 70066eb
commit 21590d7
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 3 deletions.
diff --git a/src/HtmlSanitizer/project.json b/src/HtmlSanitizer/project.json
@@ -17,7 +17,7 @@
     "keyFile": "HtmlSanitizer.snk"
   },
   "dependencies": {
-    "AngleSharp": "[0.9.7]"
+    "AngleSharp": "[0.9.8.1]"
   },
   "frameworks": {
     "net45": {

diff --git a/test/HtmlSanitizer.Tests/Tests.cs b/test/HtmlSanitizer.Tests/Tests.cs
@@ -7,6 +7,7 @@
 using System.Linq;
 using System.Text.RegularExpressions;
 using AngleSharp;
+using AngleSharp.Dom.Css;
 
 // Tests based on tests from http://roadkill.codeplex.com/
 
@@ -876,7 +877,7 @@ public void ImageStyleExpressionXSSTest()
             string actual = sanitizer.Sanitize(htmlFragment);
 
             // Assert
-            string expected = "<IMG>";
+            string expected = "<IMG style=\"\">";
             Assert.Equal(expected, actual, ignoreCase: true);
         }
 
@@ -896,7 +897,7 @@ public void AnchorTagStyleExpressionXSSTest()
             string actual = sanitizer.Sanitize(htmlFragment);
 
             // Assert
-            string expected = "exp/*<a></a>";
+            string expected = "exp/*<a style=\"\"></a>";
             Assert.Equal(expected, actual, ignoreCase: true);
         }
 
@@ -2744,6 +2745,27 @@ public void EscapeEntityInAttributeValueTest()
 
             Assert.Equal(@"<input type=""text"" name=""my_name"" value=""&lt;insert name&gt;"">", actual);
         }
+
+        [Fact]
+        public void FontFaceTest()
+        {
+            // https://github.com/mganss/HtmlSanitizer/issues/80
+
+            var s = new HtmlSanitizer();
+
+            s.AllowDataAttributes = true;
+            s.AllowedAtRules.Add(CssRuleType.FontFace);
+
+            s.AllowedTags.Add("style");
+
+            s.AllowedCssProperties.Add("src");
+            s.AllowedCssProperties.Add("font-family");
+
+            var html = @"<html><head><style>@font-face { font-family: FrutigerLTStd; src: url(""https://example.com/FrutigerLTStd-Light.otf"") format(""opentype"") }</style></head><body></body></html>";
+            var actual = s.SanitizeDocument(html);
+
+            Assert.Equal(html, actual);
+        }
     }
 }