html5lib · willkg · Nov 30, 2017 · Nov 30, 2017 · Nov 30, 2017 · Nov 30, 2017
diff --git a/.gitignore b/.gitignore
@@ -80,3 +80,6 @@ target/
 
 # Generated by parse.py -p
 stats.prof
+
+# IDE
+.idea
diff --git a/html5lib/filters/sanitizer.py b/html5lib/filters/sanitizer.py
@@ -855,7 +855,7 @@ def sanitize_css(self, style):
                                                 'padding']:
                 for keyword in value.split():
                     if keyword not in self.allowed_css_keywords and \
-                            not re.match(r"^(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$", keyword):  # noqa
+                            not re.match(r"^(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$", keyword):  # noqa
                         break
                 else:
                     clean.append(prop + ': ' + value + ';')

diff --git a/html5lib/tests/test_sanitizer.py b/html5lib/tests/test_sanitizer.py
@@ -113,3 +113,15 @@ def test_sanitizer():
         yield (runSanitizerTest, "test_should_allow_uppercase_%s_uris" % protocol,
                "<img src=\"%s:%s\">foo</a>" % (protocol, rest_of_uri),
                """<img src="%s:%s">foo</a>""" % (protocol, rest_of_uri))
+
+
+def test_lowercase_color_codes_in_style():
+    sanitized = sanitize_html("<p style=\"border: 1px solid #a2a2a2;\"></p>")
+    expected = '<p style=\"border: 1px solid #a2a2a2;\"></p>'
+    assert expected == sanitized
+
+
+def test_uppercase_color_codes_in_style():
+    sanitized = sanitize_html("<p style=\"border: 1px solid #A2A2A2;\"></p>")
+    expected = '<p style=\"border: 1px solid #A2A2A2;\"></p>'
+    assert expected == sanitized
-Original file line number
+Diff line change
@@ Expand Up / @@ -80,3 +80,6 @@ target/ @@
     # Generated by parse.py -p
     stats.prof
+    # IDE
+    .idea