allowing style tag

Author: bgalek

build.gradle.kts

@@ -3,7 +3,7 @@ plugins {
     `maven-publish`
     signing
     jacoco
-    id("pl.allegro.tech.build.axion-release") version "1.10.0"
+    id("pl.allegro.tech.build.axion-release") version "1.12.0"
     id("com.adarshr.test-logger") version "1.6.0"
     id("org.sonarqube") version "2.8"
 }
@@ -15,7 +15,7 @@ repositories {
 
 dependencies {
     implementation("com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20190610.1")
-    testImplementation("org.junit.jupiter:junit-jupiter:5.4.2")
+    testImplementation("org.junit.jupiter:junit-jupiter:5.6.2")
 }
 
 group = "com.github.bgalek.security.svg"

src/main/java/com/github/bgalek/security/svg/SvgSecurityValidator.java

@@ -89,6 +89,7 @@ private static Set<String> getOffendingElements(String xml) {
             "radialgradient",
             "rect",
             "stop",
+            "style",
             "switch",
             "symbol",
             "text",

src/test/java/com/github/bgalek/security/svg/SvgSecurityValidatorTest.java

@@ -15,7 +15,7 @@
 class SvgSecurityValidatorTest {
 
     @ParameterizedTest(name = "validate {0} svg")
-    @ValueSource(strings = {"hacked/with-onclick-attribute.svg", "hacked/with-script-tag.svg"})
+    @ValueSource(strings = {"hacked/with-onclick-attribute.svg", "hacked/with-script-tag.svg", "hacked/with-script-tag-in-styles.svg"})
     void shouldDetectXssInFiles(String file) {
         ValidationResult detect = new SvgSecurityValidator().validate(loadFile(file));
         assertEquals(1, detect.getOffendingElements().size());