diff --git a/config/initializers/html_sanitizer.rb b/config/initializers/html_sanitizer.rb
index 5d7716340..26dedb014 100644
--- a/config/initializers/html_sanitizer.rb
+++ b/config/initializers/html_sanitizer.rb
@@ -126,3 +126,38 @@ Rails.application.config.html_sanitizer_css_properties_whitelist = {
border-left-color
],
}
+
+Rails.application.config.html_sanitizer_css_values_backlist = {
+ 'table' => [
+ 'font-size:0',
+ 'font-size:0px',
+ 'font-size:0em',
+ 'font-size:0%',
+ 'display:none',
+ 'visibility:hidden',
+ ],
+ 'th' => [
+ 'font-size:0',
+ 'font-size:0px',
+ 'font-size:0em',
+ 'font-size:0%',
+ 'display:none',
+ 'visibility:hidden',
+ ],
+ 'tr' => [
+ 'font-size:0',
+ 'font-size:0px',
+ 'font-size:0em',
+ 'font-size:0%',
+ 'display:none',
+ 'visibility:hidden',
+ ],
+ 'td' => [
+ 'font-size:0',
+ 'font-size:0px',
+ 'font-size:0em',
+ 'font-size:0%',
+ 'display:none',
+ 'visibility:hidden',
+ ],
+}
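Review bot: The four element entries (`table`, `th`, `tr`, `td`) repeat the same six literal values, so a later addition has to be made four times; define the list once and reuse it, e.g. `hidden_table_styles = %w[font-size:0 font-size:0px font-size:0em font-size:0% display:none visibility:hidden].freeze` followed by `'table' => hidden_table_styles` for each key, and freeze the hash as well. The setting name `html_sanitizer_css_values_backlist` reads like a typo for `blacklist`; it is read under the same spelling at line 52 of lib/html_sanitizer.rb, so a rename touches both files. As a deny-list of literal spellings it is necessarily best-effort — other zero spellings such as `0pt` or `0.0` are not listed — which is worth stating in a comment above the hash, e.g. `# Literal property:value pairs that hide table content; compared after whitespace removal, see lib/html_sanitizer.rb`.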
diff --git a/lib/html_sanitizer.rb b/lib/html_sanitizer.rb
index d54a5f0fe..2b4ebf716 100644
--- a/lib/html_sanitizer.rb
+++ b/lib/html_sanitizer.rb
@@ -16,6 +16,7 @@ satinize html string based on whiltelist
tags_whitelist = Rails.configuration.html_sanitizer_tags_whitelist
attributes_whitelist = Rails.configuration.html_sanitizer_attributes_whitelist
css_properties_whitelist = Rails.configuration.html_sanitizer_css_properties_whitelist
+ css_values_blacklist = Rails.application.config.html_sanitizer_css_values_backlist
classes_whitelist = ['js-signatureMarker']
attributes_2_css = %w[width height]
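Review bot: The added line reads the setting through `Rails.application.config` while the three lines above it use `Rails.configuration` for the sibling whitelists; the two are equivalent, but using one spelling keeps the settings greppable as a group, i.e. `css_values_blacklist = Rails.configuration.html_sanitizer_css_values_backlist`. The enclosing method begins before this hunk.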
@@ -146,6 +147,7 @@ satinize html string based on whiltelist
key = prop[0].strip
next if !css_properties_whitelist.include?(node.name)
next if !css_properties_whitelist[node.name].include?(key)
+ next if css_values_blacklist[node.name]&.include?(local_pear.gsub(/[[:space:]]/, '').strip)
style += "#{local_pear};"
end
node['style'] = style
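Review bot: The comparison on the added line is case-sensitive although CSS values are not: the property key passes the whitelist check two lines above when it is lowercase, but a value spelled `0PX` or `None` is not in the list and reaches `style +=` unchanged, so the new check should downcase the normalized value, `next if css_values_blacklist[node.name]&.include?(local_pear.gsub(/[[:space:]]/, '').downcase)`. The trailing `.strip` is redundant once every whitespace character has been removed by the `gsub`. A literal-string deny-list also cannot name every zero spelling; parsing the `font-size` value and rejecting a numeric zero regardless of unit would be the more robust check. The enclosing method and the assignment of `local_pear` are outside this hunk, so I am assuming `local_pear` is the single `property:value` pair of the current iteration.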
diff --git a/test/unit/html_sanitizer_test.rb b/test/unit/html_sanitizer_test.rb
index f441499a9..a9e9e629b 100644
--- a/test/unit/html_sanitizer_test.rb
+++ b/test/unit/html_sanitizer_test.rb
@@ -105,6 +105,14 @@ style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MA
test 123
')
+ assert_equal(HtmlSanitizer.strict(''), '')
+ assert_equal(HtmlSanitizer.strict(''), '')
+ assert_equal(HtmlSanitizer.strict(''), '')
+ assert_equal(HtmlSanitizer.strict(''), '')
+ assert_equal(HtmlSanitizer.strict(''), '')
+ assert_equal(HtmlSanitizer.strict(''), '')
+ assert_equal(HtmlSanitizer.strict(''), '')
+ assert_equal(HtmlSanitizer.strict(''), '')
end
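Review bot: The added assertions pass the sanitizer output as the first argument, but Minitest's `assert_equal` takes `(expected, actual)`, so a failure will report the expected and actual sides swapped; write them as `assert_equal('<expected output>', HtmlSanitizer.strict('<input>'))`. As shown here all eight lines carry empty strings on both sides, which is presumably an extraction artifact of the HTML fixtures rather than the real commit, so the inputs themselves cannot be checked from this page. None of the visible assertions exercises a value that differs from the configured list only by casing or unit, which is the case most likely to regress. The enclosing `test` block begins before this hunk.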