Fix #483

mganss · Oct 24, 2023 · e3e943f · e3e943f
1 parent fe337df
commit e3e943f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/HtmlSanitizer/HtmlSanitizer.cs b/src/HtmlSanitizer/HtmlSanitizer.cs
@@ -563,7 +563,7 @@ private void SanitizeStyleSheets(IHtmlDocument dom, string baseUrl)
                     else i++;
                 }
 
-                styleTag.InnerHtml = styleSheet.ToCss(StyleFormatter).Replace("<", "\\3c ").Replace(">", "\\3e ");
+                styleTag.InnerHtml = styleSheet.ToCss(StyleFormatter).Replace("<", "\\3c ");
             }
         }
 

diff --git a/test/HtmlSanitizer.Tests/Tests.cs b/test/HtmlSanitizer.Tests/Tests.cs
@@ -3248,7 +3248,7 @@ public void StyleByPassTest()
         var sanitized = sanitizer.Sanitize(html, "http://www.example.com");
 
         // Assert
-        Assert.Equal("aaabc<style>x[x=\"\\3c /style\\3e \\3c img src onerror=alert(1)\\3e \"] { }</style>", sanitized);
+        Assert.Equal("aaabc<style>x[x=\"\\3c /style>\\3c img src onerror=alert(1)>\"] { }</style>", sanitized);
     }
 
     [Fact]
@@ -3562,6 +3562,6 @@ public void InlineCssTest()
         var sanitizer = new HtmlSanitizer();
         sanitizer.RemovingTag += (sender, args) => args.Cancel = true;
         var output = sanitizer.Sanitize(input);
-        Assert.Equal(@"<style>span\3e p { font-size: 2em }</style><span><p>I am safe</p></span>", output);
+        Assert.Equal(@"<style>span>p { font-size: 2em }</style><span><p>I am safe</p></span>", output);
     }
 }