diff --git a/src/main/java/org/owasp/validator/css/CssValidator.java b/src/main/java/org/owasp/validator/css/CssValidator.java
index 097d429..d9547ba 100644
--- a/src/main/java/org/owasp/validator/css/CssValidator.java
+++ b/src/main/java/org/owasp/validator/css/CssValidator.java
@@ -28,6 +28,7 @@
*/
package org.owasp.validator.css;
+import java.text.DecimalFormat;
import java.util.Iterator;
import java.util.regex.Pattern;
import org.owasp.validator.html.Policy;
@@ -344,15 +345,15 @@ public String lexicalValueToString(LexicalUnit lu) {
// this is a rgb encoded color
StringBuffer sb = new StringBuffer("rgb(");
LexicalUnit param = lu.getParameters();
- sb.append(param.getIntegerValue()); // R value
+ sb.append(getColorValue(param)); // R value
sb.append(',');
param = param.getNextLexicalUnit(); // comma
param = param.getNextLexicalUnit(); // G value
- sb.append(param.getIntegerValue());
+ sb.append(getColorValue(param));
sb.append(',');
param = param.getNextLexicalUnit(); // comma
param = param.getNextLexicalUnit(); // B value
- sb.append(param.getIntegerValue());
+ sb.append(getColorValue(param));
sb.append(')');
return sb.toString();
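Review bot: The rebuilt rgb() string can now mix a percentage and an integer component (e.g. `rgb(50%,20,30)`) when the three parameters carry different lexical unit types, because getColorValue decides per component; CSS requires all three channels to share one form, so it would be cleaner to check that all three parameters have the same getLexicalUnitType() and `return null` otherwise, the fallback lexicalValueToString already uses in the next hunk, rather than rely on a downstream policy regex to drop the whole property. The parameter walk also still dereferences each `param` without a null check, so an rgb() with fewer than three arguments ends in a NullPointerException; that predates this commit, but the new helper inherits it. lexicalValueToString starts before and continues past this hunk.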
@@ -404,4 +405,20 @@ public String lexicalValueToString(LexicalUnit lu) {
return null;
}
}
+
+ /**
+ * Returns color value as int.
+ * Maps percentages to values between 0 and 255.
+ * Negative percentages are mapped to 0, values bigger than 100% to 255.
+ *
+ * @param param LexicalUnit
+ * @return color value as int
+ */
+ private static String getColorValue(LexicalUnit param) {
+ if (param.getLexicalUnitType() == LexicalUnit.SAC_PERCENTAGE) {
+ return new DecimalFormat("0.#").format(param.getFloatValue()) + "%";
+ } else {
+ return "" + param.getIntegerValue();
+ }
+ }
}
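Review bot: The Javadoc on getColorValue does not describe the code beneath it: it promises an int in 0–255 with negative percentages mapped to 0 and values above 100% to 255, but the method returns a String, keeps percentages as a percentage literal (`"0.#"`-formatted float plus `"%"`) and clamps nothing, so the comment should be rewritten to say that it serializes a colour component either as its integer value or as a percentage with at most one decimal place, leaving any range check to the policy. Separately, `new DecimalFormat("0.#")` picks up the default locale's symbols, so on a JVM whose locale uses a decimal comma the output becomes `50,5%`, which is not valid CSS and makes the sanitizer's output locale-dependent; use `new DecimalFormat("0.#", DecimalFormatSymbols.getInstance(Locale.ROOT)).format(param.getFloatValue()) + "%"` and add `java.text.DecimalFormatSymbols` and `java.util.Locale` next to the new DecimalFormat import. The `"" + param.getIntegerValue()` concatenation in the else branch reads more clearly as `Integer.toString(param.getIntegerValue())`.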
diff --git a/src/main/resources/antisamy.xml b/src/main/resources/antisamy.xml
index 9872384..43c1b86 100644
--- a/src/main/resources/antisamy.xml
+++ b/src/main/resources/antisamy.xml
@@ -109,6 +109,10 @@
+
+
+
@@ -1141,6 +1145,7 @@
+
@@ -1207,6 +1212,7 @@
+
@@ -1221,6 +1227,7 @@
+
@@ -1235,6 +1242,7 @@
+
@@ -1249,6 +1257,7 @@
+
@@ -1263,6 +1272,7 @@
+
@@ -1314,6 +1324,7 @@
+
@@ -1693,6 +1704,7 @@
+
@@ -2348,6 +2360,7 @@
+
@@ -2366,6 +2379,7 @@
+
@@ -2384,6 +2398,7 @@
+
@@ -2402,6 +2417,7 @@
+
@@ -2420,6 +2436,7 @@
+
@@ -2587,6 +2604,7 @@
+
diff --git a/src/test/java/org/owasp/validator/html/test/AntiSamyTest.java b/src/test/java/org/owasp/validator/html/test/AntiSamyTest.java
index 0d7be47..4699c24 100644
--- a/src/test/java/org/owasp/validator/html/test/AntiSamyTest.java
+++ b/src/test/java/org/owasp/validator/html/test/AntiSamyTest.java
@@ -2725,4 +2725,34 @@ public void testGithubIssue484() throws ScanException, PolicyException {
assertEquals("this is para data
\n" + "
\n" + "this is para data 2
", domValue);
assertEquals("this is para data
\n" + "
\n" + "this is para data 2
", saxValue);
}
+
+ @Test
+ public void testGithubIssue546() throws ScanException, PolicyException {
+ //Given
+ String taintedHtml = "";
+
+ //When
+ CleanResults crDom = as.scan(taintedHtml, policy, AntiSamy.DOM);
+ CleanResults crSax = as.scan(taintedHtml, policy, AntiSamy.SAX);
+
+ //Then
+ String expectedCleanHtml = "";
+ assertEquals(expectedCleanHtml, crDom.getCleanHTML());
+ assertEquals(expectedCleanHtml, crSax.getCleanHTML());
+ }
+
+ @Test
+ public void testGithubIssue546FaultyPercentagesGetFilteredByRegex() throws ScanException, PolicyException {
+ //Given
+ String taintedHtml = "";
+
+ //When
+ CleanResults crDom = as.scan(taintedHtml, policy, AntiSamy.DOM);
+ CleanResults crSax = as.scan(taintedHtml, policy, AntiSamy.SAX);
+
+ //Then
+ String expectedCleanHtml = "";
+ assertEquals(expectedCleanHtml, crDom.getCleanHTML());
+ assertEquals(expectedCleanHtml, crSax.getCleanHTML());
+ }
}
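Review bot: Both `taintedHtml` and `expectedCleanHtml` literals in testGithubIssue546 and testGithubIssue546FaultyPercentagesGetFilteredByRegex appear as empty strings in this view, presumably because the HTML markup was stripped when the diff was rendered; if they really are empty the tests pass vacuously and exercise neither the percentage path nor the regex filtering, so confirm the literals survived in the actual commit. Neither test pins the fractional-percentage formatting the new DecimalFormat introduces (a percentage with more than one decimal place), so a third case asserting the rounded output would be worth adding. The paired DOM/SAX scan-and-assert sequence is repeated verbatim in both tests; a small helper such as `assertBothParsersProduce(String tainted, String expected)` would keep the pattern uniform.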